From 8355920a194498e36cb0faf2f4989da73df2959b Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 30 Mar 2023 15:08:38 -0700 Subject: [PATCH 01/16] Updated Microsoft trusted root CAs. Release: February 2023 (2023-03-29) (#5188) --- .../ca-certificates.signatures.json | 2 +- SPECS/ca-certificates/ca-certificates.spec | 5 +- SPECS/ca-certificates/certdata.microsoft.txt | 3423 ++--------------- .../prebuilt-ca-certificates-base.spec | 5 +- .../prebuilt-ca-certificates.spec | 5 +- .../manifests/package/pkggen_core_aarch64.txt | 6 +- .../manifests/package/pkggen_core_x86_64.txt | 6 +- .../manifests/package/toolchain_aarch64.txt | 10 +- .../manifests/package/toolchain_x86_64.txt | 10 +- 9 files changed, 248 insertions(+), 3224 deletions(-) diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json index b2f48bc21ec..1d650f08704 100644 --- a/SPECS/ca-certificates/ca-certificates.signatures.json +++ b/SPECS/ca-certificates/ca-certificates.signatures.json @@ -11,7 +11,7 @@ "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8", "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a", "certdata.base.txt": "76c4cd1860b9a6f6ee9c2a0dcddcef46f65950b7ec12d2a7eeabeedca4e379f9", - "certdata.microsoft.txt": "7c9a314f528f5f353b478caaea8be051ad6b2ff99dca2754206afb632093fe47", + "certdata.microsoft.txt": "53fa416b306459da67127b12c17fb33d9598f0c085148578689066e84b00018e", "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33", "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426", "trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b", diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index 05911a07738..7db5249efc5 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -44,7 +44,7 @@ Name: ca-certificates # When updating, "Version" AND "Release" tags must be updated in the "prebuilt-ca-certificates" package as well. Version: 20200720 -Release: 29%{?dist} +Release: 30%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -319,6 +319,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %changelog +* Thu Mar 30 2023 CBL-Mariner Service Account - 20200720-30 +- Updating Microsoft trusted root CAs. + * Mon Dec 12 2022 Pawel Winogrodzki - 20200720-29 - Adding 'Obsoletes' for the old 'ca-certificates-microsoft' packages before release 19. diff --git a/SPECS/ca-certificates/certdata.microsoft.txt b/SPECS/ca-certificates/certdata.microsoft.txt index 9b016544a4a..43787be4146 100644 --- a/SPECS/ca-certificates/certdata.microsoft.txt +++ b/SPECS/ca-certificates/certdata.microsoft.txt @@ -1,4 +1,4 @@ -# Release: October 2022 +# Release: February 2023 # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -414,520 +414,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "TrustCor RootCert CA-1" -# -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000 -\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060 -\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162 -\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036 -\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027 -\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201 -\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017 -\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061 -\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141 -\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033 -\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163 -\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006 -\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124 -\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164 -\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063 -\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173 -\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235 -\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034 -\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265 -\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325 -\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044 -\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264 -\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236 -\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220 -\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330 -\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225 -\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132 -\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020 -\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326 -\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334 -\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077 -\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037 -\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172 -\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123 -\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134 -\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110 -\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162 -\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345 -\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237 -\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072 -\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224 -\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031 -\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144 -\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027 -\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154 -\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024 -\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167 -\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115 -\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074 -\132\171\054\031 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor RootCert CA-1" -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072 -\105\133\303\012 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "TrustCor RootCert CA-2" -# -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045 -\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035 -\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040 -\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027 -\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015 -\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244 -\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060 -\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024 -\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040 -\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124 -\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040 -\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003 -\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145 -\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162 -\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162 -\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040 -\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166 -\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325 -\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076 -\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150 -\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323 -\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052 -\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212 -\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264 -\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351 -\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261 -\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106 -\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312 -\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166 -\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010 -\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136 -\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351 -\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202 -\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205 -\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176 -\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233 -\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074 -\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061 -\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050 -\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114 -\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340 -\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205 -\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167 -\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136 -\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025 -\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141 -\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112 -\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340 -\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035 -\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236 -\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006 -\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224 -\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000 -\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227 -\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033 -\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372 -\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376 -\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264 -\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111 -\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313 -\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015 -\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212 -\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127 -\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117 -\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070 -\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032 -\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074 -\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020 -\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326 -\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021 -\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301 -\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273 -\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376 -\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206 -\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367 -\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264 -\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367 -\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301 -\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027 -\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222 -\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051 -\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101 -\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226 -\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156 -\326\354\011 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor RootCert CA-2" -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307 -\224\262\034\300 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "TrustCor ECA-1" -# -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000 -\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060 -\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162 -\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064 -\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061 -\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025 -\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040 -\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333 -\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137 -\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001 -\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200 -\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372 -\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015 -\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071 -\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271 -\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037 -\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256 -\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061 -\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075 -\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177 -\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221 -\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354 -\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105 -\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155 -\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037 -\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314 -\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157 -\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203 -\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223 -\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366 -\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231 -\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260 -\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105 -\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312 -\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154 -\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164 -\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350 -\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252 -\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110 -\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140 -\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133 -\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242 -\264\237\327\346 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor ECA-1" -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204 -\013\310\170\275 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Amazon Root CA 1" # @@ -7860,142 +7346,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Symantec Class 3 Public Primary Certification Authority - G4" -# -# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:4c:79:b5:9a:28:9c:76:31:64:f5:89:44:d0:91:02:de -# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Thu Oct 18 00:00:00 2012 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 53:DF:DF:A4:E2:97:FC:FE:07:59:4E:8C:62:D5:B8:AB:06:B3:2C:75:49:F3:8A:16:30:94:FD:64:29:D5:DA:43 -# Fingerprint (SHA1): 58:D5:2D:B9:33:01:A4:FD:29:1A:8C:96:45:A0:8F:EE:7F:52:92:82 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\171\265\232\050\234\166\061\144\365\211\104\320\221 -\002\336 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\247\060\202\002\055\240\003\002\001\002\002\020\114 -\171\265\232\050\234\166\061\144\365\211\104\320\221\002\336\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006 -\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103 -\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003 -\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162 -\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006 -\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103 -\154\141\163\163\040\063\040\120\165\142\154\151\143\040\120\162 -\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\064\060\036\027\015\061\062\061\060\061\070\060\060\060\060 -\060\060\132\027\015\063\067\061\062\060\061\062\063\065\071\065 -\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155 -\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157 -\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141 -\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155 -\141\156\164\145\143\040\103\154\141\163\163\040\063\040\120\165 -\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\127\317\352\263\071\115\077\241\041\340\156\057\070\162\306 -\207\227\363\205\013\107\347\017\121\310\321\364\231\233\312\131 -\145\377\114\371\352\013\267\045\325\322\366\354\061\055\062\142 -\022\327\166\206\247\372\070\311\145\324\376\163\342\204\071\370 -\114\111\142\023\335\272\325\210\240\137\075\310\117\260\077\217 -\241\120\021\344\223\106\255\303\137\313\361\244\152\225\126\350 -\300\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\044\235\274\322\161\367\035\302\045\276\042\361\211\245\054 -\025\073\064\036\136\060\012\006\010\052\206\110\316\075\004\003 -\003\003\150\000\060\145\002\061\000\271\146\150\145\333\005\320 -\070\175\016\363\310\165\141\270\320\050\304\261\112\063\121\130 -\373\362\074\020\310\256\107\170\166\312\146\044\027\206\076\120 -\126\156\245\055\231\210\270\275\044\002\060\003\352\247\347\250 -\074\352\235\142\306\137\124\332\230\364\167\275\117\217\030\234 -\221\134\107\153\100\115\020\035\263\341\211\312\013\042\310\032 -\305\305\376\213\335\301\337\157\170\237\221 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 3 Public Primary Certification Authority - G4" -# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:4c:79:b5:9a:28:9c:76:31:64:f5:89:44:d0:91:02:de -# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Thu Oct 18 00:00:00 2012 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 53:DF:DF:A4:E2:97:FC:FE:07:59:4E:8C:62:D5:B8:AB:06:B3:2C:75:49:F3:8A:16:30:94:FD:64:29:D5:DA:43 -# Fingerprint (SHA1): 58:D5:2D:B9:33:01:A4:FD:29:1A:8C:96:45:A0:8F:EE:7F:52:92:82 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\325\055\271\063\001\244\375\051\032\214\226\105\240\217\356 -\177\122\222\202 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\066\311\267\113\154\260\041\114\307\021\027\261\030\376\053\115 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\171\265\232\050\234\166\061\144\365\211\104\320\221 -\002\336 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "CFCA EV ROOT" # @@ -14788,207 +14138,54 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Sectigo (AddTrust)" +# Certificate "Entrust.net" # -# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:48:38 2000 -# Not Valid After : Sat May 30 10:48:38 2020 -# Fingerprint (SHA-256): 68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2 -# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 +# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number: 1246989352 (0x4a538c28) +# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Tue Jul 07 17:25:54 2009 +# Not Valid After : Sat Dec 07 17:55:54 2030 +# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 +# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sectigo (AddTrust)" +CKA_LABEL UTF8 "Entrust.net" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\062 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\062 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\066\060\202\003\036\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024 -\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163 -\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101 -\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154 -\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040 -\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040 -\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164 -\060\036\027\015\060\060\060\065\063\060\061\060\064\070\063\070 -\132\027\015\062\060\060\065\063\060\061\060\064\070\063\070\132 -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\267\367\032\063\346\362\000\004\055\071\340\116\133\355 -\037\274\154\017\315\265\372\043\266\316\336\233\021\063\227\244 -\051\114\175\223\237\275\112\274\223\355\003\032\343\217\317\345 -\155\120\132\326\227\051\224\132\200\260\111\172\333\056\225\375 -\270\312\277\067\070\055\036\076\221\101\255\160\126\307\360\117 -\077\350\062\236\164\312\310\220\124\351\306\137\017\170\235\232 -\100\074\016\254\141\252\136\024\217\236\207\241\152\120\334\327 -\232\116\257\005\263\246\161\224\234\161\263\120\140\012\307\023 -\235\070\007\206\002\250\351\250\151\046\030\220\253\114\260\117 -\043\253\072\117\204\330\337\316\237\341\151\157\273\327\102\327 -\153\104\344\307\255\356\155\101\137\162\132\161\010\067\263\171 -\145\244\131\240\224\067\367\000\057\015\302\222\162\332\320\070 -\162\333\024\250\105\304\135\052\175\267\264\326\304\356\254\315 -\023\104\267\311\053\335\103\000\045\372\141\271\151\152\130\043 -\021\267\247\063\217\126\165\131\365\315\051\327\106\267\012\053 -\145\266\323\102\157\025\262\270\173\373\357\351\135\123\325\064 -\132\047\002\003\001\000\001\243\201\334\060\201\331\060\035\006 -\003\125\035\016\004\026\004\024\255\275\230\172\064\264\046\367 -\372\304\046\124\357\003\275\340\044\313\124\032\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\201\231\006\003\125 -\035\043\004\201\221\060\201\216\200\024\255\275\230\172\064\264 -\046\367\372\304\046\124\357\003\275\340\044\313\124\032\241\163 -\244\161\060\157\061\013\060\011\006\003\125\004\006\023\002\123 -\105\061\024\060\022\006\003\125\004\012\023\013\101\144\144\124 -\162\165\163\164\040\101\102\061\046\060\044\006\003\125\004\013 -\023\035\101\144\144\124\162\165\163\164\040\105\170\164\145\162 -\156\141\154\040\124\124\120\040\116\145\164\167\157\162\153\061 -\042\060\040\006\003\125\004\003\023\031\101\144\144\124\162\165 -\163\164\040\105\170\164\145\162\156\141\154\040\103\101\040\122 -\157\157\164\202\001\001\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\001\001\000\260\233\340\205\045\302 -\326\043\342\017\226\006\222\235\101\230\234\331\204\171\201\331 -\036\133\024\007\043\066\145\217\260\330\167\273\254\101\154\107 -\140\203\121\260\371\062\075\347\374\366\046\023\307\200\026\245 -\277\132\374\207\317\170\171\211\041\232\342\114\007\012\206\065 -\274\362\336\121\304\322\226\267\334\176\116\356\160\375\034\071 -\353\014\002\121\024\055\216\275\026\340\301\337\106\165\347\044 -\255\354\364\102\264\205\223\160\020\147\272\235\006\065\112\030 -\323\053\172\314\121\102\241\172\143\321\346\273\241\305\053\302 -\066\276\023\015\346\275\143\176\171\173\247\011\015\100\253\152 -\335\217\212\303\366\366\214\032\102\005\121\324\105\365\237\247 -\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027 -\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236 -\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163 -\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132 -\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202 -\027\132\173\320\274\307\217\116\206\004 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Sectigo (AddTrust)" -# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:48:38 2000 -# Not Valid After : Sat May 30 10:48:38 2020 -# Fingerprint (SHA-256): 68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2 -# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sectigo (AddTrust)" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133 -\150\205\030\150 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\035\065\124\004\205\170\260\077\102\102\115\277\040\163\012\077 -END -CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061 -\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165 -\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035 -\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141 -\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060 -\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164 -\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157 -\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "Entrust.net" -# -# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number: 1246989352 (0x4a538c28) -# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Tue Jul 07 17:25:54 2009 -# Not Valid After : Sat Dec 07 17:55:54 2030 -# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 -# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust.net" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\112\123\214\050 +\002\004\112\123\214\050 END CKA_VALUE MULTILINE_OCTAL \060\202\004\076\060\202\003\046\240\003\002\001\002\002\004\112 @@ -15622,165 +14819,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" -# -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057 -\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006 -\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126 -\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061 -\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151 -\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142 -\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061 -\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061 -\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151 -\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051 -\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105 -\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147 -\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075 -\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172 -\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346 -\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124 -\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074 -\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336 -\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115 -\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262 -\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014 -\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011 -\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006 -\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216 -\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043 -\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151 -\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056 -\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026 -\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345 -\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150 -\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102 -\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204 -\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110 -\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032 -\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307 -\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252 -\055\247\330\206\052\335\056\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "VeriSign Class 3 Public Primary Certification Authority - G4" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144 -\311\077\154\072 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "thawte Primary Root CA - G2" # @@ -16548,174 +15586,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "EDICOM" -# -# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root -# Serial Number:61:8d:c7:86:3b:01:82:05 -# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root -# Not Valid Before: Fri Apr 18 16:24:22 2008 -# Not Valid After : Thu Apr 13 16:24:22 2028 -# Fingerprint (SHA-256): 03:95:0F:B4:9A:53:1F:3E:19:91:94:23:98:DF:A9:E0:EA:32:D7:BA:1C:DD:9B:C8:5D:B5:7E:D9:40:0B:43:4A -# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EDICOM" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105 -\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003 -\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004 -\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125 -\004\006\023\002\105\123 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105 -\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003 -\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004 -\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125 -\004\006\023\002\105\123 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\141\215\307\206\073\001\202\005 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\265\060\202\003\235\240\003\002\001\002\002\010\141 -\215\307\206\073\001\202\005\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\104\061\026\060\024\006\003\125\004 -\003\014\015\101\103\105\104\111\103\117\115\040\122\157\157\164 -\061\014\060\012\006\003\125\004\013\014\003\120\113\111\061\017 -\060\015\006\003\125\004\012\014\006\105\104\111\103\117\115\061 -\013\060\011\006\003\125\004\006\023\002\105\123\060\036\027\015 -\060\070\060\064\061\070\061\066\062\064\062\062\132\027\015\062 -\070\060\064\061\063\061\066\062\064\062\062\132\060\104\061\026 -\060\024\006\003\125\004\003\014\015\101\103\105\104\111\103\117 -\115\040\122\157\157\164\061\014\060\012\006\003\125\004\013\014 -\003\120\113\111\061\017\060\015\006\003\125\004\012\014\006\105 -\104\111\103\117\115\061\013\060\011\006\003\125\004\006\023\002 -\105\123\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\377\222\225\341\150\006\166\264\054\310\130\110\312 -\375\200\124\051\125\143\044\377\220\145\233\020\165\173\303\152 -\333\142\002\001\362\030\206\265\174\132\070\261\344\130\271\373 -\323\330\055\237\275\062\067\277\054\025\155\276\265\364\041\322 -\023\221\331\007\255\001\005\326\363\275\167\316\137\102\201\012 -\371\152\343\203\000\250\053\056\125\023\143\201\312\107\034\173 -\134\026\127\172\033\203\140\004\072\076\145\303\315\001\336\336 -\244\326\014\272\216\336\331\004\356\027\126\042\233\217\143\375 -\115\026\013\267\173\167\214\371\045\265\321\155\231\022\056\117 -\032\270\346\352\004\222\256\075\021\271\121\102\075\207\260\061 -\205\257\171\132\234\376\347\116\136\222\117\103\374\253\072\255 -\245\022\046\146\271\342\014\327\230\316\324\130\245\225\100\012 -\267\104\235\023\164\053\302\245\353\042\025\230\020\330\213\305 -\004\237\035\217\140\345\006\033\233\317\271\171\240\075\242\043 -\077\102\077\153\372\034\003\173\060\215\316\154\300\277\346\033 -\137\277\147\270\204\031\325\025\357\173\313\220\066\061\142\311 -\274\002\253\106\137\233\376\032\150\224\064\075\220\216\255\366 -\344\035\011\177\112\210\070\077\276\147\375\064\226\365\035\274 -\060\164\313\070\356\325\154\253\324\374\364\000\267\000\133\205 -\062\026\166\063\351\330\243\231\235\005\000\252\026\346\363\201 -\175\157\175\252\206\155\255\025\164\323\304\242\161\252\364\024 -\175\347\062\270\037\274\325\361\116\275\157\027\002\071\327\016 -\225\102\072\307\000\076\351\046\143\021\352\013\321\112\377\030 -\235\262\327\173\057\072\331\226\373\350\036\222\256\023\125\310 -\331\047\366\334\110\033\260\044\301\205\343\167\235\232\244\363 -\014\021\035\015\310\264\024\356\265\202\127\011\277\040\130\177 -\057\042\043\330\160\313\171\154\311\113\362\251\052\310\374\207 -\053\327\032\120\370\047\350\057\103\343\072\275\330\127\161\375 -\316\246\122\133\371\335\115\355\345\366\157\211\355\273\223\234 -\166\041\165\360\222\114\051\367\057\234\001\056\376\120\106\236 -\144\014\024\263\007\133\305\302\163\154\361\007\134\105\044\024 -\065\256\203\361\152\115\211\172\372\263\330\055\146\360\066\207 -\365\053\123\002\003\001\000\001\243\201\252\060\201\247\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\037\006\003\125\035\043\004\030\060\026\200\024\246\263\341\053 -\053\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\035\006\003\125\035\016\004\026\004\024\246\263\341\053\053 -\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120\060 -\104\006\003\125\035\040\004\075\060\073\060\071\006\004\125\035 -\040\000\060\061\060\057\006\010\053\006\001\005\005\007\002\001 -\026\043\150\164\164\160\072\057\057\141\143\145\144\151\143\157 -\155\056\145\144\151\143\157\155\147\162\157\165\160\056\143\157 -\155\057\144\157\143\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\003\202\002\001\000\316\054\013\122\121\142\046 -\175\014\047\203\217\305\366\332\240\150\173\117\222\136\352\244 -\163\062\021\123\104\262\104\313\235\354\017\171\102\263\020\246 -\307\015\235\313\266\372\077\072\174\352\277\210\123\033\074\367 -\202\372\005\065\063\341\065\250\127\300\347\375\215\117\077\223 -\062\117\170\146\003\167\007\130\351\225\310\176\076\320\171\000 -\214\362\033\121\063\233\274\224\351\072\173\156\122\055\062\236 -\043\244\105\373\266\056\023\260\213\030\261\335\316\325\035\247 -\102\177\125\276\373\133\273\107\324\374\044\315\004\256\226\005 -\025\326\254\316\060\363\312\013\305\272\342\042\340\246\255\042 -\344\002\356\164\021\177\114\377\170\035\065\332\346\002\064\353 -\030\022\141\167\006\011\026\143\352\030\255\242\207\037\362\307 -\200\011\011\165\116\020\250\217\075\206\270\165\021\300\044\142 -\212\226\173\112\105\351\354\131\305\276\153\203\346\341\350\254 -\265\060\036\376\005\007\200\371\341\043\015\120\217\005\230\377 -\054\137\350\073\266\255\317\201\265\041\207\312\010\052\043\047 -\060\040\053\317\355\224\133\254\262\172\322\307\050\241\212\013 -\233\115\112\054\155\205\077\011\162\074\147\342\331\334\007\272 -\353\145\173\132\001\143\326\220\133\117\027\146\075\177\013\031 -\243\223\143\020\122\052\237\024\026\130\342\334\245\364\241\026 -\213\016\221\213\201\312\233\131\372\330\153\221\007\145\125\137 -\122\037\257\072\373\220\335\151\245\133\234\155\016\054\266\372 -\316\254\245\174\062\112\147\100\334\060\064\043\335\327\004\043 -\146\360\374\125\200\247\373\146\031\202\065\147\142\160\071\136 -\157\307\352\220\100\104\010\036\270\262\326\333\356\131\247\015 -\030\171\064\274\124\030\136\123\312\064\121\355\105\012\346\216 -\307\202\066\076\247\070\143\251\060\054\027\020\140\222\237\125 -\207\022\131\020\302\017\147\151\021\314\116\036\176\112\232\255 -\257\100\250\165\254\126\220\164\270\240\234\245\171\157\334\351 -\032\310\151\005\351\272\372\003\263\174\344\340\116\302\316\235 -\350\266\106\015\156\176\127\072\147\224\302\313\037\234\167\112 -\147\116\151\206\103\223\070\373\266\333\117\203\221\324\140\176 -\113\076\053\070\007\125\230\136\244 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "EDICOM" -# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root -# Serial Number:61:8d:c7:86:3b:01:82:05 -# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root -# Not Valid Before: Fri Apr 18 16:24:22 2008 -# Not Valid After : Thu Apr 13 16:24:22 2028 -# Fingerprint (SHA-256): 03:95:0F:B4:9A:53:1F:3E:19:91:94:23:98:DF:A9:E0:EA:32:D7:BA:1C:DD:9B:C8:5D:B5:7E:D9:40:0B:43:4A -# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EDICOM" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\340\264\062\056\262\366\245\150\266\124\123\204\110\030\112\120 -\066\207\103\204 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\102\201\240\342\034\343\125\020\336\125\211\102\145\226\042\346 -END -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105 -\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003 -\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004 -\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125 -\004\006\023\002\105\123 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\141\215\307\206\073\001\202\005 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Chambers of Commerce Root - 2008" # @@ -17288,222 +16158,50 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Staat der Nederlanden Root CA - G2" +# Certificate "NetLock Arany (Class Gold) Fotanúsítvány" # -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (SHA-256): 66:8C:83:94:7D:A6:3B:72:4B:EC:E1:74:3C:31:A0:E6:AE:D0:DB:8E:C5:B3:1B:E3:77:BB:78:4F:91:B6:71:6F -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Serial Number:49:41:2c:e4:00:10 +# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +# Not Valid Before: Thu Dec 11 15:08:21 2008 +# Not Valid After : Wed Dec 06 15:08:21 2028 +# Fingerprint (SHA-256): 6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 +# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" +CKA_LABEL UTF8 "NetLock Arany (Class Gold) Fotanúsítvány" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 +\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 +\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 +\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 +\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 +\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 +\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 +\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 +\272\163\303\255\164\166\303\241\156\171 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 +\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 +\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 +\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 +\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 +\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 +\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 +\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 +\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 +\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 +\272\163\303\255\164\166\303\241\156\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000 -\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036 -\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027 -\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060 -\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060 -\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157 -\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165 -\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217 -\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341 -\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251 -\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345 -\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052 -\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324 -\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013 -\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132 -\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304 -\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254 -\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321 -\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251 -\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135 -\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060 -\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314 -\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164 -\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050 -\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315 -\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076 -\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340 -\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362 -\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150 -\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204 -\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057 -\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325 -\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127 -\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012 -\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013 -\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263 -\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272 -\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035 -\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001 -\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113 -\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010 -\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057 -\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144 -\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157 -\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361 -\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101 -\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002 -\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222 -\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171 -\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345 -\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247 -\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306 -\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234 -\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173 -\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315 -\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125 -\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112 -\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324 -\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023 -\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013 -\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360 -\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077 -\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113 -\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225 -\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115 -\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046 -\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010 -\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347 -\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344 -\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010 -\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332 -\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102 -\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367 -\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232 -\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331 -\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356 -\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265 -\370\161\012\334\271\374\175\062\140\346\353\257\212\001 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Staat der Nederlanden Root CA - G2" -# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Serial Number: 10000012 (0x98968c) -# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Mar 26 11:18:17 2008 -# Not Valid After : Wed Mar 25 11:03:10 2020 -# Fingerprint (SHA-256): 66:8C:83:94:7D:A6:3B:72:4B:EC:E1:74:3C:31:A0:E6:AE:D0:DB:8E:C5:B3:1B:E3:77:BB:78:4F:91:B6:71:6F -# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353 -\004\335\267\026 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\214 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "NetLock Arany (Class Gold) Fotanúsítvány" -# -# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Serial Number:49:41:2c:e4:00:10 -# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Dec 11 15:08:21 2008 -# Not Valid After : Wed Dec 06 15:08:21 2028 -# Fingerprint (SHA-256): 6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 -# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Arany (Class Gold) Fotanúsítvány" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\111\101\054\344\000\020 +\002\006\111\101\054\344\000\020 END CKA_VALUE MULTILINE_OCTAL \060\202\004\025\060\202\002\375\240\003\002\001\002\002\006\111 @@ -18373,143 +17071,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "POSTarCA" -# -# Issuer: OU=POSTArCA,O=POSTA,C=SI -# Serial Number: 1044616010 (0x3e43934a) -# Subject: OU=POSTArCA,O=POSTA,C=SI -# Not Valid Before: Fri Feb 07 10:36:58 2003 -# Not Valid After : Tue Feb 07 11:06:58 2023 -# Fingerprint (SHA-256): 00:7E:45:2F:D5:CF:83:89:46:69:6D:FE:37:A2:DB:2E:F3:99:14:36:D2:7B:CB:AB:45:92:20:53:C1:5A:87:A8 -# Fingerprint (SHA1): B1:EA:C3:E5:B8:24:76:E9:D5:0B:1E:C6:7D:2C:C1:1E:12:E0:B4:91 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "POSTarCA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\060\061\013\060\011\006\003\125\004\006\023\002\123\111\061 -\016\060\014\006\003\125\004\012\023\005\120\117\123\124\101\061 -\021\060\017\006\003\125\004\013\023\010\120\117\123\124\101\162 -\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\060\061\013\060\011\006\003\125\004\006\023\002\123\111\061 -\016\060\014\006\003\125\004\012\023\005\120\117\123\124\101\061 -\021\060\017\006\003\125\004\013\023\010\120\117\123\124\101\162 -\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\076\103\223\112 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\362\060\202\002\332\240\003\002\001\002\002\004\076 -\103\223\112\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\060\061\013\060\011\006\003\125\004\006\023\002\123 -\111\061\016\060\014\006\003\125\004\012\023\005\120\117\123\124 -\101\061\021\060\017\006\003\125\004\013\023\010\120\117\123\124 -\101\162\103\101\060\036\027\015\060\063\060\062\060\067\061\060 -\063\066\065\070\132\027\015\062\063\060\062\060\067\061\061\060 -\066\065\070\132\060\060\061\013\060\011\006\003\125\004\006\023 -\002\123\111\061\016\060\014\006\003\125\004\012\023\005\120\117 -\123\124\101\061\021\060\017\006\003\125\004\013\023\010\120\117 -\123\124\101\162\103\101\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\233\354\277\176\073\303\367\057\016 -\254\302\257\103\110\130\353\171\225\015\013\262\244\323\213\010 -\024\212\275\267\211\247\022\370\107\143\144\272\305\305\250\322 -\043\122\027\172\011\243\002\337\316\016\246\012\377\321\313\164 -\311\113\076\355\043\134\376\256\014\057\115\051\055\164\076\240 -\132\027\066\262\333\125\234\114\212\153\311\237\140\371\307\240 -\133\313\303\112\010\074\341\115\353\244\363\164\161\264\127\236 -\200\243\222\000\054\350\202\043\031\300\113\265\021\202\016\167 -\362\167\161\065\222\244\201\345\372\031\056\023\167\160\123\310 -\053\031\271\122\201\050\324\017\156\353\270\030\140\111\261\373 -\175\277\177\231\055\251\346\133\031\056\214\121\256\317\330\244 -\367\162\327\361\176\005\226\014\064\156\125\110\354\046\202\252 -\101\376\045\134\122\213\226\177\025\344\147\244\040\262\011\335 -\360\235\251\365\160\203\034\161\106\122\042\112\233\122\000\023 -\351\223\251\166\351\154\203\160\265\144\112\005\071\250\317\326 -\143\236\060\025\343\311\242\234\323\335\140\267\006\071\105\226 -\002\045\200\224\123\123\013\002\003\001\000\001\243\202\001\022 -\060\202\001\016\060\021\006\011\140\206\110\001\206\370\102\001 -\001\004\004\003\002\000\007\060\122\006\003\125\035\037\004\113 -\060\111\060\107\240\105\240\103\244\101\060\077\061\013\060\011 -\006\003\125\004\006\023\002\123\111\061\016\060\014\006\003\125 -\004\012\023\005\120\117\123\124\101\061\021\060\017\006\003\125 -\004\013\023\010\120\117\123\124\101\162\103\101\061\015\060\013 -\006\003\125\004\003\023\004\103\122\114\061\060\053\006\003\125 -\035\020\004\044\060\042\200\017\062\060\060\063\060\062\060\067 -\061\060\063\066\065\070\132\201\017\062\060\062\063\060\062\060 -\067\061\061\060\066\065\070\132\060\013\006\003\125\035\017\004 -\004\003\002\001\006\060\037\006\003\125\035\043\004\030\060\026 -\200\024\077\275\315\216\337\276\321\153\145\104\077\140\354\352 -\102\056\060\160\037\150\060\035\006\003\125\035\016\004\026\004 -\024\077\275\315\216\337\276\321\153\145\104\077\140\354\352\102 -\056\060\160\037\150\060\014\006\003\125\035\023\004\005\060\003 -\001\001\377\060\035\006\011\052\206\110\206\366\175\007\101\000 -\004\020\060\016\033\010\126\066\056\060\072\064\056\060\003\002 -\004\220\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\076\337\247\257\121\010\221\111\305\161 -\052\243\101\023\154\013\351\213\032\060\215\021\267\013\115\126 -\252\100\107\323\071\376\171\370\253\150\354\224\173\006\021\073 -\103\206\142\163\303\255\056\324\223\036\363\254\067\313\036\303 -\145\073\270\267\073\156\172\223\261\221\161\151\105\353\170\042 -\253\214\355\112\332\124\261\057\064\236\136\032\223\332\110\272 -\022\332\064\116\026\203\101\115\042\363\161\337\036\036\323\002 -\270\334\124\201\322\027\031\360\365\051\022\063\130\213\003\045 -\153\133\100\265\034\073\025\023\126\037\263\111\056\366\322\204 -\154\344\222\233\023\232\113\216\203\202\250\034\326\254\146\332 -\020\267\157\172\025\344\272\332\034\156\014\174\153\334\217\363 -\372\026\031\174\210\232\034\343\045\001\162\331\067\212\324\157 -\176\207\070\274\123\125\111\202\025\312\277\230\250\261\076\254 -\116\340\311\112\044\025\156\242\321\211\162\323\307\015\272\355 -\145\002\337\252\114\263\227\143\156\076\042\306\252\331\074\074 -\002\202\210\364\227\103\243\131\235\341\342\367\110\111\133\252 -\226\302\332\352\031\006 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "POSTarCA" -# Issuer: OU=POSTArCA,O=POSTA,C=SI -# Serial Number: 1044616010 (0x3e43934a) -# Subject: OU=POSTArCA,O=POSTA,C=SI -# Not Valid Before: Fri Feb 07 10:36:58 2003 -# Not Valid After : Tue Feb 07 11:06:58 2023 -# Fingerprint (SHA-256): 00:7E:45:2F:D5:CF:83:89:46:69:6D:FE:37:A2:DB:2E:F3:99:14:36:D2:7B:CB:AB:45:92:20:53:C1:5A:87:A8 -# Fingerprint (SHA1): B1:EA:C3:E5:B8:24:76:E9:D5:0B:1E:C6:7D:2C:C1:1E:12:E0:B4:91 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "POSTarCA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\352\303\345\270\044\166\351\325\013\036\306\175\054\301\036 -\022\340\264\221 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\054\157\027\243\225\142\001\040\145\322\007\156\374\270\077\155 -END -CKA_ISSUER MULTILINE_OCTAL -\060\060\061\013\060\011\006\003\125\004\006\023\002\123\111\061 -\016\060\014\006\003\125\004\012\023\005\120\117\123\124\101\061 -\021\060\017\006\003\125\004\013\023\010\120\117\123\124\101\162 -\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\076\103\223\112 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Izenpe.com" # @@ -19359,274 +17920,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Cybertrust Global Root" -# -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (SHA-256): 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\241\060\202\002\211\240\003\002\001\002\002\013\004 -\000\000\000\000\001\017\205\252\055\110\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\073\061\030\060\026\006 -\003\125\004\012\023\017\103\171\142\145\162\164\162\165\163\164 -\054\040\111\156\143\061\037\060\035\006\003\125\004\003\023\026 -\103\171\142\145\162\164\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\060\036\027\015\060\066\061\062\061\065 -\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065\060 -\070\060\060\060\060\132\060\073\061\030\060\026\006\003\125\004 -\012\023\017\103\171\142\145\162\164\162\165\163\164\054\040\111 -\156\143\061\037\060\035\006\003\125\004\003\023\026\103\171\142 -\145\162\164\162\165\163\164\040\107\154\157\142\141\154\040\122 -\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\370\310\274\275\024\120\146\023\377\360\323\171 -\354\043\362\267\032\307\216\205\361\022\163\246\031\252\020\333 -\234\242\145\164\132\167\076\121\175\126\366\334\043\266\324\355 -\137\130\261\067\115\325\111\016\156\365\152\207\326\322\214\322 -\047\306\342\377\066\237\230\145\240\023\116\306\052\144\233\325 -\220\022\317\024\006\364\073\343\324\050\276\350\016\370\253\116 -\110\224\155\216\225\061\020\134\355\242\055\275\325\072\155\262 -\034\273\140\300\106\113\001\365\111\256\176\106\212\320\164\215 -\241\014\002\316\356\374\347\217\270\153\146\363\177\104\000\277 -\146\045\024\053\335\020\060\035\007\226\077\115\366\153\270\217 -\267\173\014\245\070\353\336\107\333\325\135\071\374\210\247\363 -\327\052\164\361\350\132\242\073\237\120\272\246\214\105\065\302 -\120\145\225\334\143\202\357\335\277\167\115\234\142\311\143\163 -\026\320\051\017\111\251\110\360\263\252\267\154\305\247\060\071 -\100\135\256\304\342\135\046\123\360\316\034\043\010\141\250\224 -\031\272\004\142\100\354\037\070\160\167\022\006\161\247\060\030 -\135\045\047\245\002\003\001\000\001\243\201\245\060\201\242\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\266\010\173\015\172 -\314\254\040\114\206\126\062\136\317\253\156\205\055\160\127\060 -\077\006\003\125\035\037\004\070\060\066\060\064\240\062\240\060 -\206\056\150\164\164\160\072\057\057\167\167\167\062\056\160\165 -\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143 -\162\154\057\143\164\057\143\164\162\157\157\164\056\143\162\154 -\060\037\006\003\125\035\043\004\030\060\026\200\024\266\010\173 -\015\172\314\254\040\114\206\126\062\136\317\253\156\205\055\160 -\127\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\126\357\012\043\240\124\116\225\227\311\370 -\211\332\105\301\324\243\000\045\364\037\023\253\267\243\205\130 -\151\302\060\255\330\025\212\055\343\311\315\201\132\370\163\043 -\132\247\174\005\363\375\042\073\016\321\006\304\333\066\114\163 -\004\216\345\260\042\344\305\363\056\245\331\043\343\270\116\112 -\040\247\156\002\044\237\042\140\147\173\213\035\162\011\305\061 -\134\351\171\237\200\107\075\255\241\013\007\024\075\107\377\003 -\151\032\014\013\104\347\143\045\247\177\262\311\270\166\204\355 -\043\366\175\007\253\105\176\323\337\263\277\351\212\266\315\250 -\242\147\053\122\325\267\145\360\071\114\143\240\221\171\223\122 -\017\124\335\203\273\237\321\217\247\123\163\303\313\377\060\354 -\174\004\270\330\104\037\223\137\161\011\042\267\156\076\352\034 -\003\116\235\032\040\141\373\201\067\354\136\374\012\105\253\327 -\347\027\125\320\240\352\140\233\246\366\343\214\133\051\302\006 -\140\024\235\055\227\114\251\223\025\235\141\304\001\137\110\326 -\130\275\126\061\022\116\021\310\041\340\263\021\221\145\333\264 -\246\210\070\316\125 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Cybertrust Global Root" -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (SHA-256): 96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\137\103\345\261\277\370\170\214\254\034\307\312\112\232\306\042 -\053\314\064\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\162\344\112\207\343\151\100\200\167\352\274\343\364\377\360\341 -END -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "Google Trust Services - GlobalSign Root CA-R2" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (SHA-256): CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E -# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Google Trust Services - GlobalSign Root CA-R2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\206\046\346\015 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\272\060\202\002\242\240\003\002\001\002\002\013\004 -\000\000\000\000\001\017\206\046\346\015\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\114\061\040\060\036\006 -\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156 -\040\122\157\157\164\040\103\101\040\055\040\122\062\061\023\060 -\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151 -\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157 -\142\141\154\123\151\147\156\060\036\027\015\060\066\061\062\061 -\065\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065 -\060\070\060\060\060\060\132\060\114\061\040\060\036\006\003\125 -\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122 -\157\157\164\040\103\101\040\055\040\122\062\061\023\060\021\006 -\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156 -\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141 -\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\246\317\044\016\276\056\157\050\231\105 -\102\304\253\076\041\124\233\013\323\177\204\160\372\022\263\313 -\277\207\137\306\177\206\323\262\060\134\326\375\255\361\173\334 -\345\370\140\226\011\222\020\365\320\123\336\373\173\176\163\210 -\254\122\210\173\112\246\312\111\246\136\250\247\214\132\021\274 -\172\202\353\276\214\351\263\254\226\045\007\227\112\231\052\007 -\057\264\036\167\277\212\017\265\002\174\033\226\270\305\271\072 -\054\274\326\022\271\353\131\175\342\320\006\206\137\136\111\152 -\265\071\136\210\064\354\274\170\014\010\230\204\154\250\315\113 -\264\240\175\014\171\115\360\270\055\313\041\312\325\154\133\175 -\341\240\051\204\241\371\323\224\111\313\044\142\221\040\274\335 -\013\325\331\314\371\352\047\012\053\163\221\306\235\033\254\310 -\313\350\340\240\364\057\220\213\115\373\260\066\033\366\031\172 -\205\340\155\362\141\023\210\134\237\340\223\012\121\227\212\132 -\316\257\253\325\367\252\011\252\140\275\334\331\137\337\162\251 -\140\023\136\000\001\311\112\372\077\244\352\007\003\041\002\216 -\202\312\003\302\233\217\002\003\001\000\001\243\201\234\060\201 -\231\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\233\342\007 -\127\147\034\036\300\152\006\336\131\264\232\055\337\334\031\206 -\056\060\066\006\003\125\035\037\004\057\060\055\060\053\240\051 -\240\047\206\045\150\164\164\160\072\057\057\143\162\154\056\147 -\154\157\142\141\154\163\151\147\156\056\156\145\164\057\162\157 -\157\164\055\162\062\056\143\162\154\060\037\006\003\125\035\043 -\004\030\060\026\200\024\233\342\007\127\147\034\036\300\152\006 -\336\131\264\232\055\337\334\031\206\056\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\231\201 -\123\207\034\150\227\206\221\354\340\112\270\104\013\253\201\254 -\047\117\326\301\270\034\103\170\263\014\232\374\352\054\074\156 -\141\033\115\113\051\365\237\005\035\046\301\270\351\203\000\142 -\105\266\251\010\223\271\251\063\113\030\232\302\370\207\210\116 -\333\335\161\064\032\301\124\332\106\077\340\323\052\253\155\124 -\042\365\072\142\315\040\157\272\051\211\327\335\221\356\323\134 -\242\076\241\133\101\365\337\345\144\103\055\351\325\071\253\322 -\242\337\267\213\320\300\200\031\034\105\300\055\214\350\370\055 -\244\164\126\111\305\005\265\117\025\336\156\104\170\071\207\250 -\176\273\363\171\030\221\273\364\157\235\301\360\214\065\214\135 -\001\373\303\155\271\357\104\155\171\106\061\176\012\376\251\202 -\301\377\357\253\156\040\304\120\311\137\235\115\233\027\214\014 -\345\001\311\240\101\152\163\123\372\245\120\264\156\045\017\373 -\114\030\364\375\122\331\216\151\261\350\021\017\336\210\330\373 -\035\111\367\252\336\225\317\040\170\302\140\022\333\045\100\214 -\152\374\176\102\070\100\144\022\367\236\201\341\223\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Google Trust Services - GlobalSign Root CA-R2" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (SHA-256): CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E -# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Google Trust Services - GlobalSign Root CA-R2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\165\340\253\266\023\205\022\047\034\004\370\137\335\336\070\344 -\267\044\056\376 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\224\024\167\176\076\136\375\217\060\275\101\260\317\347\320\060 -END -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\206\046\346\015 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "OISTE WISeKey Global Root GB CA" # @@ -22514,173 +20807,42 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "DST Root CA X3" +# Certificate "KISA RootCA 1" # -# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b -# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Not Valid Before: Sat Sep 30 21:12:19 2000 -# Not Valid After : Thu Sep 30 14:01:15 2021 -# Fingerprint (SHA-256): 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 -# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 +# Issuer: CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR +# Serial Number: 4 (0x4) +# Subject: CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR +# Not Valid Before: Wed Aug 24 08:05:46 2005 +# Not Valid After : Sun Aug 24 08:05:46 2025 +# Fingerprint (SHA-256): 6F:DB:3F:76:C8:B8:01:A7:53:38:D8:A5:0A:7C:02:87:9F:61:98:B5:7E:59:4D:31:8D:38:32:90:0F:ED:CD:79 +# Fingerprint (SHA1): 02:72:68:29:3E:5F:5D:17:AA:A4:B3:C3:E6:36:1E:1F:92:57:5E:AA CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DST Root CA X3" +CKA_LABEL UTF8 "KISA RootCA 1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 +\060\144\061\013\060\011\006\003\125\004\006\023\002\113\122\061 +\015\060\013\006\003\125\004\012\014\004\113\111\123\101\061\056 +\060\054\006\003\125\004\013\014\045\113\157\162\145\141\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 +\150\157\162\151\164\171\040\103\145\156\164\162\141\154\061\026 +\060\024\006\003\125\004\003\014\015\113\111\123\101\040\122\157 +\157\164\103\101\040\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 +\060\144\061\013\060\011\006\003\125\004\006\023\002\113\122\061 +\015\060\013\006\003\125\004\012\014\004\113\111\123\101\061\056 +\060\054\006\003\125\004\013\014\045\113\157\162\145\141\040\103 +\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 +\150\157\162\151\164\171\040\103\145\156\164\162\141\154\061\026 +\060\024\006\003\125\004\003\014\015\113\111\123\101\040\122\157 +\157\164\103\101\040\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370 -\100\153 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\112\060\202\002\062\240\003\002\001\002\002\020\104 -\257\260\200\326\243\047\272\211\060\071\206\056\370\100\153\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077 -\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151\164 -\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165 -\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003\023 -\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063\060 -\036\027\015\060\060\060\071\063\060\062\061\061\062\061\071\132 -\027\015\062\061\060\071\063\060\061\064\060\061\061\065\132\060 -\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151 -\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162 -\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003 -\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\337\257\351\227\120\010\203\127\264\314\142\145\366\220\202 -\354\307\323\054\153\060\312\133\354\331\303\175\307\100\301\030 -\024\213\340\350\063\166\111\052\343\077\041\111\223\254\116\016 -\257\076\110\313\145\356\374\323\041\017\145\322\052\331\062\217 -\214\345\367\167\260\022\173\265\225\300\211\243\251\272\355\163 -\056\172\014\006\062\203\242\176\212\024\060\315\021\240\341\052 -\070\271\171\012\061\375\120\275\200\145\337\267\121\143\203\310 -\342\210\141\352\113\141\201\354\122\153\271\242\342\113\032\050 -\237\110\243\236\014\332\011\216\076\027\056\036\335\040\337\133 -\306\052\212\253\056\275\160\255\305\013\032\045\220\164\162\305 -\173\152\253\064\326\060\211\377\345\150\023\173\124\013\310\326 -\256\354\132\234\222\036\075\144\263\214\306\337\277\311\101\160 -\354\026\162\325\046\354\070\125\071\103\320\374\375\030\134\100 -\361\227\353\325\232\233\215\035\272\332\045\271\306\330\337\301 -\025\002\072\253\332\156\361\076\056\365\134\010\234\074\326\203 -\151\344\020\233\031\052\266\051\127\343\345\075\233\237\360\002 -\135\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\304\247\261\244\173\054\161\372\333\341 -\113\220\165\377\304\025\140\205\211\020\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\243\032 -\054\233\027\000\134\251\036\356\050\146\067\072\277\203\307\077 -\113\303\011\240\225\040\135\343\331\131\104\322\076\015\076\275 -\212\113\240\164\037\316\020\202\234\164\032\035\176\230\032\335 -\313\023\113\263\040\104\344\221\351\314\374\175\245\333\152\345 -\376\346\375\340\116\335\267\000\072\265\160\111\257\362\345\353 -\002\361\321\002\213\031\313\224\072\136\110\304\030\036\130\031 -\137\036\002\132\360\014\361\261\255\251\334\131\206\213\156\351 -\221\365\206\312\372\271\146\063\252\131\133\316\342\247\026\163 -\107\313\053\314\231\260\067\110\317\343\126\113\365\317\017\014 -\162\062\207\306\360\104\273\123\162\155\103\365\046\110\232\122 -\147\267\130\253\376\147\166\161\170\333\015\242\126\024\023\071 -\044\061\205\242\250\002\132\060\107\341\335\120\007\274\002\011 -\220\000\353\144\143\140\233\026\274\210\311\022\346\322\175\221 -\213\371\075\062\215\145\264\351\174\261\127\166\352\305\266\050 -\071\277\025\145\034\310\366\167\226\152\012\215\167\013\330\221 -\013\004\216\007\333\051\266\012\356\235\202\065\065\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DST Root CA X3" -# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b -# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Not Valid Before: Sat Sep 30 21:12:19 2000 -# Not Valid After : Thu Sep 30 14:01:15 2021 -# Fingerprint (SHA-256): 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 -# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DST Root CA X3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\332\311\002\117\124\330\366\337\224\223\137\261\163\046\070\312 -\152\327\174\023 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\101\003\122\334\017\367\120\033\026\360\002\216\272\157\105\305 -END -CKA_ISSUER MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370 -\100\153 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "KISA RootCA 1" -# -# Issuer: CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR -# Serial Number: 4 (0x4) -# Subject: CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR -# Not Valid Before: Wed Aug 24 08:05:46 2005 -# Not Valid After : Sun Aug 24 08:05:46 2025 -# Fingerprint (SHA-256): 6F:DB:3F:76:C8:B8:01:A7:53:38:D8:A5:0A:7C:02:87:9F:61:98:B5:7E:59:4D:31:8D:38:32:90:0F:ED:CD:79 -# Fingerprint (SHA1): 02:72:68:29:3E:5F:5D:17:AA:A4:B3:C3:E6:36:1E:1F:92:57:5E:AA -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "KISA RootCA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\113\122\061 -\015\060\013\006\003\125\004\012\014\004\113\111\123\101\061\056 -\060\054\006\003\125\004\013\014\045\113\157\162\145\141\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\103\145\156\164\162\141\154\061\026 -\060\024\006\003\125\004\003\014\015\113\111\123\101\040\122\157 -\157\164\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\113\122\061 -\015\060\013\006\003\125\004\012\014\004\113\111\123\101\061\056 -\060\054\006\003\125\004\013\014\045\113\157\162\145\141\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\103\145\156\164\162\141\154\061\026 -\060\024\006\003\125\004\003\014\015\113\111\123\101\040\122\157 -\157\164\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\004 +\002\001\004 END CKA_VALUE MULTILINE_OCTAL \060\202\003\163\060\202\002\133\240\003\002\001\002\002\001\004 @@ -23077,149 +21239,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Visa eCommerce Root" -# -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (SHA-256): 69:FA:C9:BD:55:FB:0A:C7:8D:53:BB:EE:5C:F1:D5:97:98:9F:D0:AA:AB:20:A2:51:51:BD:F1:73:3E:E7:D1:22 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023 -\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060 -\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055 -\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145 -\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143 -\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060 -\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157 -\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060 -\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062 -\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003 -\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125 -\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141 -\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101 -\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003 -\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145 -\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241 -\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266 -\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063 -\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004 -\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105 -\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215 -\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125 -\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143 -\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115 -\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352 -\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132 -\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072 -\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055 -\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040 -\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013 -\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213 -\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070 -\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327 -\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340 -\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106 -\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021 -\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267 -\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122 -\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367 -\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214 -\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105 -\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035 -\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174 -\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106 -\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060 -\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213 -\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000 -\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355 -\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026 -\222\340\134\366\007\017 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Visa eCommerce Root" -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (SHA-256): 69:FA:C9:BD:55:FB:0A:C7:8D:53:BB:EE:5C:F1:D5:97:98:9F:D0:AA:AB:20:A2:51:51:BD:F1:73:3E:E7:D1:22 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062 -\275\340\005\142 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Trustwave" # @@ -24407,648 +22426,10 @@ CKA_ISSUER MULTILINE_OCTAL \060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040 \103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003 \125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "GeoTrust Global CA" -# -# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Serial Number: 144470 (0x23456) -# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Tue May 21 04:00:00 2002 -# Not Valid After : Sat May 21 04:00:00 2022 -# Fingerprint (SHA-256): FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A -# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Global CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\002\064\126 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\124\060\202\002\074\240\003\002\001\002\002\003\002 -\064\126\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004 -\003\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142 -\141\154\040\103\101\060\036\027\015\060\062\060\065\062\061\060 -\064\060\060\060\060\132\027\015\062\062\060\065\062\061\060\064 -\060\060\060\060\132\060\102\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015\107 -\145\157\124\162\165\163\164\040\111\156\143\056\061\033\060\031 -\006\003\125\004\003\023\022\107\145\157\124\162\165\163\164\040 -\107\154\157\142\141\154\040\103\101\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\332\314\030\143\060\375 -\364\027\043\032\126\176\133\337\074\154\070\344\161\267\170\221 -\324\274\241\330\114\370\250\103\266\003\351\115\041\007\010\210 -\332\130\057\146\071\051\275\005\170\213\235\070\350\005\267\152 -\176\161\244\346\304\140\246\260\357\200\344\211\050\017\236\045 -\326\355\203\363\255\246\221\307\230\311\102\030\065\024\235\255 -\230\106\222\056\117\312\361\207\103\301\026\225\127\055\120\357 -\211\055\200\172\127\255\362\356\137\153\322\000\215\271\024\370 -\024\025\065\331\300\106\243\173\162\310\221\277\311\125\053\315 -\320\227\076\234\046\144\314\337\316\203\031\161\312\116\346\324 -\325\173\251\031\315\125\336\310\354\322\136\070\123\345\134\117 -\214\055\376\120\043\066\374\146\346\313\216\244\071\031\000\267 -\225\002\071\221\013\016\376\070\056\321\035\005\232\366\115\076 -\157\017\007\035\257\054\036\217\140\071\342\372\066\123\023\071 -\324\136\046\053\333\075\250\024\275\062\353\030\003\050\122\004 -\161\345\253\063\075\341\070\273\007\066\204\142\234\171\352\026 -\060\364\137\300\053\350\161\153\344\371\002\003\001\000\001\243 -\123\060\121\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\300 -\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145\270 -\312\314\116\060\037\006\003\125\035\043\004\030\060\026\200\024 -\300\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145 -\270\312\314\116\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\003\202\001\001\000\065\343\051\152\345\057\135\124 -\216\051\120\224\237\231\032\024\344\217\170\052\142\224\242\047 -\147\236\320\317\032\136\107\351\301\262\244\317\335\101\032\005 -\116\233\113\356\112\157\125\122\263\044\241\067\012\353\144\166 -\052\056\054\363\375\073\165\220\277\372\161\330\307\075\067\322 -\265\005\225\142\271\246\336\211\075\066\173\070\167\110\227\254 -\246\040\217\056\246\311\014\302\262\231\105\000\307\316\021\121 -\042\042\340\245\352\266\025\110\011\144\352\136\117\164\367\005 -\076\307\212\122\014\333\025\264\275\155\233\345\306\261\124\150 -\251\343\151\220\266\232\245\017\270\271\077\040\175\256\112\265 -\270\234\344\035\266\253\346\224\245\301\307\203\255\333\365\047 -\207\016\004\154\325\377\335\240\135\355\207\122\267\053\025\002 -\256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115 -\063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325 -\345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013 -\331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355 -\302\005\146\200\241\313\346\063 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust Global CA" -# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Serial Number: 144470 (0x23456) -# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Tue May 21 04:00:00 2002 -# Not Valid After : Sat May 21 04:00:00 2022 -# Fingerprint (SHA-256): FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A -# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Global CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371 -\226\052\202\022 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\367\165\253\051\373\121\116\267\167\136\377\005\074\231\216\365 -END -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\002\064\126 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "GeoTrust Universal CA" -# -# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (SHA-256): A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 -# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\150\060\202\003\120\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003\023 -\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162 -\163\141\154\040\103\101\060\036\027\015\060\064\060\063\060\064 -\060\065\060\060\060\060\132\027\015\062\071\060\063\060\064\060 -\065\060\060\060\060\132\060\105\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015 -\107\145\157\124\162\165\163\164\040\111\156\143\056\061\036\060 -\034\006\003\125\004\003\023\025\107\145\157\124\162\165\163\164 -\040\125\156\151\166\145\162\163\141\154\040\103\101\060\202\002 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\002\017\000\060\202\002\012\002\202\002\001\000\246\025 -\125\240\243\306\340\037\214\235\041\120\327\301\276\053\133\265 -\244\236\241\331\162\130\275\000\033\114\277\141\311\024\035\105 -\202\253\306\035\200\326\075\353\020\234\072\257\155\044\370\274 -\161\001\236\006\365\174\137\036\301\016\125\312\203\232\131\060 -\256\031\313\060\110\225\355\042\067\215\364\112\232\162\146\076 -\255\225\300\340\026\000\340\020\037\053\061\016\327\224\124\323 -\102\063\240\064\035\036\105\166\335\117\312\030\067\354\205\025 -\172\031\010\374\325\307\234\360\362\251\056\020\251\222\346\075 -\130\075\251\026\150\074\057\165\041\030\177\050\167\245\341\141 -\027\267\246\351\370\036\231\333\163\156\364\012\242\041\154\356 -\332\252\205\222\146\257\366\172\153\202\332\272\042\010\065\017 -\317\102\361\065\372\152\356\176\053\045\314\072\021\344\155\257 -\163\262\166\035\255\320\262\170\147\032\244\071\034\121\013\147 -\126\203\375\070\135\015\316\335\360\273\053\226\037\336\173\062 -\122\375\035\273\265\006\241\262\041\136\245\326\225\150\177\360 -\231\236\334\105\010\076\347\322\011\015\065\224\335\200\116\123 -\227\327\265\011\104\040\144\026\027\003\002\114\123\015\150\336 -\325\252\162\115\223\155\202\016\333\234\275\317\264\363\134\135 -\124\172\151\011\226\326\333\021\301\215\165\250\264\317\071\310 -\316\074\274\044\174\346\142\312\341\275\175\247\275\127\145\013 -\344\376\045\355\266\151\020\334\050\032\106\275\001\035\320\227 -\265\341\230\073\300\067\144\326\075\224\356\013\341\365\050\256 -\013\126\277\161\213\043\051\101\216\206\305\113\122\173\330\161 -\253\037\212\025\246\073\203\132\327\130\001\121\306\114\101\331 -\177\330\101\147\162\242\050\337\140\203\251\236\310\173\374\123 -\163\162\131\365\223\172\027\166\016\316\367\345\134\331\013\125 -\064\242\252\133\265\152\124\347\023\312\127\354\227\155\364\136 -\006\057\105\213\130\324\043\026\222\344\026\156\050\143\131\060 -\337\120\001\234\143\211\032\237\333\027\224\202\160\067\303\044 -\236\232\107\326\132\312\116\250\151\211\162\037\221\154\333\176 -\236\033\255\307\037\163\335\054\117\031\145\375\177\223\100\020 -\056\322\360\355\074\236\056\050\076\151\046\063\305\173\002\003 -\001\000\001\243\143\060\141\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004 -\026\004\024\332\273\056\252\260\014\270\210\046\121\164\134\155 -\003\323\300\330\217\172\326\060\037\006\003\125\035\043\004\030 -\060\026\200\024\332\273\056\252\260\014\270\210\046\121\164\134 -\155\003\323\300\330\217\172\326\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\002\001\000\061\170\346\307 -\265\337\270\224\100\311\161\304\250\065\354\106\035\302\205\363 -\050\130\206\260\013\374\216\262\071\217\104\125\253\144\204\134 -\151\251\320\232\070\074\372\345\037\065\345\104\343\200\171\224 -\150\244\273\304\237\075\341\064\315\060\106\213\124\053\225\245 -\357\367\077\231\204\375\065\346\317\061\306\334\152\277\247\327 -\043\010\341\230\136\303\132\010\166\251\246\257\167\057\267\140 -\275\104\106\152\357\227\377\163\225\301\216\350\223\373\375\061 -\267\354\127\021\021\105\233\060\361\032\210\071\301\117\074\247 -\000\325\307\374\253\155\200\042\160\245\014\340\135\004\051\002 -\373\313\240\221\321\174\326\303\176\120\325\235\130\276\101\070 -\353\271\165\074\025\331\233\311\112\203\131\300\332\123\375\063 -\273\066\030\233\205\017\025\335\356\055\254\166\223\271\331\001 -\215\110\020\250\373\365\070\206\361\333\012\306\275\204\243\043 -\101\336\326\167\157\205\324\205\034\120\340\256\121\212\272\215 -\076\166\342\271\312\047\362\137\237\357\156\131\015\006\330\053 -\027\244\322\174\153\273\137\024\032\110\217\032\114\347\263\107 -\034\216\114\105\053\040\356\110\337\347\335\011\216\030\250\332 -\100\215\222\046\021\123\141\163\135\353\275\347\304\115\051\067 -\141\353\254\071\055\147\056\026\326\365\000\203\205\241\314\177 -\166\304\175\344\267\113\146\357\003\105\140\151\266\014\122\226 -\222\204\136\246\243\265\244\076\053\331\314\330\033\107\252\362 -\104\332\117\371\003\350\360\024\313\077\363\203\336\320\301\124 -\343\267\350\012\067\115\213\040\131\003\060\031\241\054\310\275 -\021\037\337\256\311\112\305\363\047\146\146\206\254\150\221\377 -\331\346\123\034\017\213\134\151\145\012\046\310\036\064\303\135 -\121\173\327\251\234\006\241\066\335\325\211\224\274\331\344\055 -\014\136\011\154\010\227\174\243\075\174\223\377\077\241\024\247 -\317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225 -\033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346 -\154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305 -\247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157 -\244\346\216\330\371\051\110\212\316\163\376\054 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust Universal CA" -# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (SHA-256): A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 -# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042 -\025\207\354\171 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\222\145\130\213\242\032\061\162\163\150\134\264\245\172\007\110 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "GeoTrust Universal CA 2" -# -# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (SHA-256): A0:23:4F:3B:C8:52:7C:A5:62:8E:EC:81:AD:5D:69:89:5D:A5:68:0D:C9:1D:1C:B8:47:7F:33:F8:78:B9:5B:0B -# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\154\060\202\003\124\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003\023 -\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162 -\163\141\154\040\103\101\040\062\060\036\027\015\060\064\060\063 -\060\064\060\065\060\060\060\060\132\027\015\062\071\060\063\060 -\064\060\065\060\060\060\060\132\060\107\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012 -\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061 -\040\060\036\006\003\125\004\003\023\027\107\145\157\124\162\165 -\163\164\040\125\156\151\166\145\162\163\141\154\040\103\101\040 -\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\263\124\122\301\311\076\362\331\334\261\123\032\131\051 -\347\261\303\105\050\345\327\321\355\305\305\113\241\252\164\173 -\127\257\112\046\374\330\365\136\247\156\031\333\164\014\117\065 -\133\062\013\001\343\333\353\172\167\065\352\252\132\340\326\350 -\241\127\224\360\220\243\164\126\224\104\060\003\036\134\116\053 -\205\046\164\202\172\014\166\240\157\115\316\101\055\240\025\006 -\024\137\267\102\315\173\217\130\141\064\334\052\010\371\056\303 -\001\246\042\104\034\114\007\202\346\133\316\320\112\174\004\323 -\031\163\047\360\252\230\177\056\257\116\353\207\036\044\167\152 -\135\266\350\133\105\272\334\303\241\005\157\126\216\217\020\046 -\245\111\303\056\327\101\207\042\340\117\206\312\140\265\352\241 -\143\300\001\227\020\171\275\000\074\022\155\053\025\261\254\113 -\261\356\030\271\116\226\334\334\166\377\073\276\317\137\003\300 -\374\073\350\276\106\033\377\332\100\302\122\367\376\343\072\367 -\152\167\065\320\332\215\353\136\030\152\061\307\036\272\074\033 -\050\326\153\124\306\252\133\327\242\054\033\031\314\242\002\366 -\233\131\275\067\153\206\265\155\202\272\330\352\311\126\274\251 -\066\130\375\076\031\363\355\014\046\251\223\070\370\117\301\135 -\042\006\320\227\352\341\255\306\125\340\201\053\050\203\072\372 -\364\173\041\121\000\276\122\070\316\315\146\171\250\364\201\126 -\342\320\203\011\107\121\133\120\152\317\333\110\032\135\076\367 -\313\366\145\367\154\361\225\370\002\073\062\126\202\071\172\133 -\275\057\211\033\277\241\264\350\377\177\215\214\337\003\361\140 -\116\130\021\114\353\243\077\020\053\203\232\001\163\331\224\155 -\204\000\047\146\254\360\160\100\011\102\222\255\117\223\015\141 -\011\121\044\330\222\325\013\224\141\262\207\262\355\377\232\065 -\377\205\124\312\355\104\103\254\033\074\026\153\110\112\012\034 -\100\210\037\222\302\013\000\005\377\362\310\002\112\244\252\251 -\314\231\226\234\057\130\340\175\341\276\273\007\334\137\004\162 -\134\061\064\303\354\137\055\340\075\144\220\042\346\321\354\270 -\056\335\131\256\331\241\067\277\124\065\334\163\062\117\214\004 -\036\063\262\311\106\361\330\134\310\125\120\311\150\275\250\272 -\066\011\002\003\001\000\001\243\143\060\141\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\166\363\125\341\372\244\066\373\360 -\237\134\142\161\355\074\364\107\070\020\053\060\037\006\003\125 -\035\043\004\030\060\026\200\024\166\363\125\341\372\244\066\373 -\360\237\134\142\161\355\074\364\107\070\020\053\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001\000 -\146\301\306\043\363\331\340\056\156\137\350\317\256\260\260\045 -\115\053\370\073\130\233\100\044\067\132\313\253\026\111\377\263 -\165\171\063\241\057\155\160\027\064\221\376\147\176\217\354\233 -\345\136\202\251\125\037\057\334\324\121\007\022\376\254\026\076 -\054\065\306\143\374\334\020\353\015\243\252\320\174\314\321\320 -\057\121\056\304\024\132\336\350\031\341\076\306\314\244\051\347 -\056\204\252\006\060\170\166\124\163\050\230\131\070\340\000\015 -\142\323\102\175\041\237\256\075\072\214\325\372\167\015\030\053 -\026\016\137\066\341\374\052\265\060\044\317\340\143\014\173\130 -\032\376\231\272\102\022\261\221\364\174\150\342\310\350\257\054 -\352\311\176\256\273\052\075\015\025\334\064\225\266\030\164\250 -\152\017\307\264\364\023\304\344\133\355\012\322\244\227\114\052 -\355\057\154\022\211\075\361\047\160\252\152\003\122\041\237\100 -\250\147\120\362\363\132\037\337\337\043\366\334\170\116\346\230 -\117\125\072\123\343\357\362\364\237\307\174\330\130\257\051\042 -\227\270\340\275\221\056\260\166\354\127\021\317\357\051\104\363 -\351\205\172\140\143\344\135\063\211\027\331\061\252\332\326\363 -\030\065\162\317\207\053\057\143\043\204\135\204\214\077\127\240 -\210\374\231\221\050\046\151\231\324\217\227\104\276\216\325\110 -\261\244\050\051\361\025\264\341\345\236\335\370\217\246\157\046 -\327\011\074\072\034\021\016\246\154\067\367\255\104\207\054\050 -\307\330\164\202\263\320\157\112\127\273\065\051\047\240\213\350 -\041\247\207\144\066\135\314\330\026\254\307\262\047\100\222\125 -\070\050\215\121\156\335\024\147\123\154\161\134\046\204\115\165 -\132\266\176\140\126\251\115\255\373\233\036\227\363\015\331\322 -\227\124\167\332\075\022\267\340\036\357\010\006\254\371\205\207 -\351\242\334\257\176\030\022\203\375\126\027\101\056\325\051\202 -\175\231\364\061\366\161\251\317\054\001\047\245\005\271\252\262 -\110\116\052\357\237\223\122\121\225\074\122\163\216\126\114\027 -\100\300\011\050\344\213\152\110\123\333\354\315\125\125\361\306 -\370\351\242\054\114\246\321\046\137\176\257\132\114\332\037\246 -\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust Universal CA 2" -# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (SHA-256): A0:23:4F:3B:C8:52:7C:A5:62:8E:EC:81:AD:5D:69:89:5D:A5:68:0D:C9:1D:1C:B8:47:7F:33:F8:78:B9:5B:0B -# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\067\232\031\173\101\205\105\065\014\246\003\151\363\074\056\257 -\107\117\040\171 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\064\374\270\320\066\333\236\024\263\302\362\333\217\344\224\307 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "QuoVadis Root Certification Authority" -# -# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Serial Number: 985026699 (0x3ab6508b) -# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Not Valid Before: Mon Mar 19 18:33:33 2001 -# Not Valid After : Wed Mar 17 18:33:33 2021 -# Fingerprint (SHA-256): A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73 -# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\072\266\120\213 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\320\060\202\004\270\240\003\002\001\002\002\004\072 -\266\120\213\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\177\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060\043 -\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121\165 -\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\060\036\027\015\060\061\060\063\061\071\061\070\063 -\063\063\063\132\027\015\062\061\060\063\061\067\061\070\063\063 -\063\063\132\060\177\061\013\060\011\006\003\125\004\006\023\002 -\102\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157 -\126\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060 -\043\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121 -\165\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\277\141\265\225\123\272\127\374\372\362\147 -\013\072\032\337\021\200\144\225\264\321\274\315\172\317\366\051 -\226\056\044\124\100\044\070\367\032\205\334\130\114\313\244\047 -\102\227\320\237\203\212\303\344\006\003\133\000\245\121\036\160 -\004\164\342\301\324\072\253\327\255\073\007\030\005\216\375\203 -\254\352\146\331\030\033\150\212\365\127\032\230\272\365\355\166 -\075\174\331\336\224\152\073\113\027\301\325\217\275\145\070\072 -\225\320\075\125\066\116\337\171\127\061\052\036\330\131\145\111 -\130\040\230\176\253\137\176\237\351\326\115\354\203\164\251\307 -\154\330\356\051\112\205\052\006\024\371\124\346\323\332\145\007 -\213\143\067\022\327\320\354\303\173\040\101\104\243\355\313\240 -\027\341\161\145\316\035\146\061\367\166\001\031\310\175\003\130 -\266\225\111\035\246\022\046\350\306\014\166\340\343\146\313\352 -\135\246\046\356\345\314\137\275\147\247\001\047\016\242\312\124 -\305\261\172\225\035\161\036\112\051\212\003\334\152\105\301\244 -\031\136\157\066\315\303\242\260\267\376\134\070\342\122\274\370 -\104\103\346\220\273\002\003\001\000\001\243\202\002\122\060\202 -\002\116\060\075\006\010\053\006\001\005\005\007\001\001\004\061 -\060\057\060\055\006\010\053\006\001\005\005\007\060\001\206\041 -\150\164\164\160\163\072\057\057\157\143\163\160\056\161\165\157 -\166\141\144\151\163\157\146\146\163\150\157\162\145\056\143\157 -\155\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\202\001\032\006\003\125\035\040\004\202\001\021\060 -\202\001\015\060\202\001\011\006\011\053\006\001\004\001\276\130 -\000\001\060\201\373\060\201\324\006\010\053\006\001\005\005\007 -\002\002\060\201\307\032\201\304\122\145\154\151\141\156\143\145 -\040\157\156\040\164\150\145\040\121\165\157\126\141\144\151\163 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\145\040\142\171\040\141\156\171\040\160\141\162\164\171\040\141 -\163\163\165\155\145\163\040\141\143\143\145\160\164\141\156\143 -\145\040\157\146\040\164\150\145\040\164\150\145\156\040\141\160 -\160\154\151\143\141\142\154\145\040\163\164\141\156\144\141\162 -\144\040\164\145\162\155\163\040\141\156\144\040\143\157\156\144 -\151\164\151\157\156\163\040\157\146\040\165\163\145\054\040\143 -\145\162\164\151\146\151\143\141\164\151\157\156\040\160\162\141 -\143\164\151\143\145\163\054\040\141\156\144\040\164\150\145\040 -\121\165\157\126\141\144\151\163\040\103\145\162\164\151\146\151 -\143\141\164\145\040\120\157\154\151\143\171\056\060\042\006\010 -\053\006\001\005\005\007\002\001\026\026\150\164\164\160\072\057 -\057\167\167\167\056\161\165\157\166\141\144\151\163\056\142\155 -\060\035\006\003\125\035\016\004\026\004\024\213\113\155\355\323 -\051\271\006\031\354\071\071\251\360\227\204\152\313\357\337\060 -\201\256\006\003\125\035\043\004\201\246\060\201\243\200\024\213 -\113\155\355\323\051\271\006\031\354\071\071\251\360\227\204\152 -\313\357\337\241\201\204\244\201\201\060\177\061\013\060\011\006 -\003\125\004\006\023\002\102\115\061\031\060\027\006\003\125\004 -\012\023\020\121\165\157\126\141\144\151\163\040\114\151\155\151 -\164\145\144\061\045\060\043\006\003\125\004\013\023\034\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\061\056\060\054\006\003 -\125\004\003\023\045\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\202\004\072\266\120\213 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\212\324\024\265\376\364\232\222\247\031\324\244 -\176\162\030\217\331\150\174\122\044\335\147\157\071\172\304\252 -\136\075\342\130\260\115\160\230\204\141\350\033\343\151\030\016 -\316\373\107\120\240\116\377\360\044\037\275\262\316\365\047\374 -\354\057\123\252\163\173\003\075\164\156\346\026\236\353\245\056 -\304\277\126\047\120\053\142\272\276\113\034\074\125\134\101\035 -\044\276\202\040\107\135\325\104\176\172\026\150\337\175\115\121 -\160\170\127\035\063\036\375\002\231\234\014\315\012\005\117\307 -\273\216\244\165\372\112\155\261\200\216\011\126\271\234\032\140 -\376\135\301\327\172\334\021\170\320\326\135\301\267\325\255\062 -\231\003\072\212\314\124\045\071\061\201\173\023\042\121\272\106 -\154\241\273\236\372\004\154\111\046\164\217\322\163\353\314\060 -\242\346\352\131\042\207\370\227\365\016\375\352\314\222\244\026 -\304\122\030\352\041\316\261\361\346\204\201\345\272\251\206\050 -\362\103\132\135\022\235\254\036\331\250\345\012\152\247\177\240 -\207\051\317\362\211\115\324\354\305\342\346\172\320\066\043\212 -\112\164\066\371 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "QuoVadis Root Certification Authority" -# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Serial Number: 985026699 (0x3ab6508b) -# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Not Valid Before: Mon Mar 19 18:33:33 2001 -# Not Valid After : Wed Mar 17 18:33:33 2021 -# Fingerprint (SHA-256): A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73 -# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\336\077\100\275\120\223\323\233\154\140\366\332\274\007\142\001 -\000\211\166\311 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\047\336\066\376\162\267\000\003\000\235\364\360\036\154\004\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 +\143\141\164\145\040\123\145\162\166\151\143\145\163 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\072\266\120\213 +\002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -25057,122 +22438,161 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Sonera Class2 CA" +# Certificate "GeoTrust Universal CA" # -# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI -# Serial Number: 29 (0x1d) -# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 07:29:40 2001 -# Not Valid After : Tue Apr 06 07:29:40 2021 -# Fingerprint (SHA-256): 79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27 -# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 +# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US +# Serial Number: 1 (0x1) +# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US +# Not Valid Before: Thu Mar 04 05:00:00 2004 +# Not Valid After : Sun Mar 04 05:00:00 2029 +# Fingerprint (SHA-256): A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 +# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class2 CA" +CKA_LABEL UTF8 "GeoTrust Universal CA" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 +\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 +\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 +\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 +\162\163\141\154\040\103\101 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 +\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 +\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 +\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 +\162\163\141\154\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\035 +\002\001\001 END CKA_VALUE MULTILINE_OCTAL -\060\202\003\040\060\202\002\010\240\003\002\001\002\002\001\035 +\060\202\005\150\060\202\003\120\240\003\002\001\002\002\001\001 \060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061\017 -\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141\061 -\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162\141 -\040\103\154\141\163\163\062\040\103\101\060\036\027\015\060\061 -\060\064\060\066\060\067\062\071\064\060\132\027\015\062\061\060 -\064\060\066\060\067\062\071\064\060\132\060\071\061\013\060\011 -\006\003\125\004\006\023\002\106\111\061\017\060\015\006\003\125 -\004\012\023\006\123\157\156\145\162\141\061\031\060\027\006\003 -\125\004\003\023\020\123\157\156\145\162\141\040\103\154\141\163 -\163\062\040\103\101\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\220\027\112\065\235\312\360\015\226\307 -\104\372\026\067\374\110\275\275\177\200\055\065\073\341\157\250 -\147\251\277\003\034\115\214\157\062\107\325\101\150\244\023\004 -\301\065\014\232\204\103\374\134\035\377\211\263\350\027\030\315 -\221\137\373\211\343\352\277\116\135\174\033\046\323\165\171\355 -\346\204\343\127\345\255\051\304\364\072\050\347\245\173\204\066 -\151\263\375\136\166\275\243\055\231\323\220\116\043\050\175\030 -\143\361\124\073\046\235\166\133\227\102\262\377\256\360\116\354 -\335\071\225\116\203\006\177\347\111\100\310\305\001\262\124\132 -\146\035\075\374\371\351\074\012\236\201\270\160\360\001\213\344 -\043\124\174\310\256\370\220\036\000\226\162\324\124\317\141\043 -\274\352\373\235\002\225\321\266\271\161\072\151\010\077\017\264 -\341\102\307\210\365\077\230\250\247\272\034\340\161\161\357\130 -\127\201\120\172\134\153\164\106\016\203\003\230\303\216\250\156 -\362\166\062\156\047\203\302\163\363\334\030\350\264\223\352\165 -\104\153\004\140\040\161\127\207\235\363\276\240\220\043\075\212 -\044\341\332\041\333\303\002\003\001\000\001\243\063\060\061\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\021\006\003\125\035\016\004\012\004\010\112\240\252\130\204 -\323\136\074\060\013\006\003\125\035\017\004\004\003\002\001\006 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\132\316\207\371\026\162\025\127\113\035\331\233 -\347\242\046\060\354\223\147\337\326\055\322\064\257\367\070\245 -\316\253\026\271\253\057\174\065\313\254\320\017\264\114\053\374 -\200\357\153\214\221\137\066\166\367\333\263\033\031\352\364\262 -\021\375\141\161\104\277\050\263\072\035\277\263\103\350\237\277 -\334\061\010\161\260\235\215\326\064\107\062\220\306\145\044\367 -\240\112\174\004\163\217\071\157\027\214\162\265\275\113\310\172 -\370\173\203\303\050\116\234\011\352\147\077\262\147\004\033\303 -\024\332\370\347\111\044\221\320\035\152\372\141\071\357\153\347 -\041\165\006\007\330\022\264\041\040\160\102\161\201\332\074\232 -\066\276\246\133\015\152\154\232\037\221\173\371\371\357\102\272 -\116\116\236\314\014\215\224\334\331\105\234\136\354\102\120\143 -\256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165 -\267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366 -\146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032 -\072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132 -\160\254\337\114 +\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 +\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 +\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003\023 +\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162 +\163\141\154\040\103\101\060\036\027\015\060\064\060\063\060\064 +\060\065\060\060\060\060\132\027\015\062\071\060\063\060\064\060 +\065\060\060\060\060\132\060\105\061\013\060\011\006\003\125\004 +\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015 +\107\145\157\124\162\165\163\164\040\111\156\143\056\061\036\060 +\034\006\003\125\004\003\023\025\107\145\157\124\162\165\163\164 +\040\125\156\151\166\145\162\163\141\154\040\103\101\060\202\002 +\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 +\003\202\002\017\000\060\202\002\012\002\202\002\001\000\246\025 +\125\240\243\306\340\037\214\235\041\120\327\301\276\053\133\265 +\244\236\241\331\162\130\275\000\033\114\277\141\311\024\035\105 +\202\253\306\035\200\326\075\353\020\234\072\257\155\044\370\274 +\161\001\236\006\365\174\137\036\301\016\125\312\203\232\131\060 +\256\031\313\060\110\225\355\042\067\215\364\112\232\162\146\076 +\255\225\300\340\026\000\340\020\037\053\061\016\327\224\124\323 +\102\063\240\064\035\036\105\166\335\117\312\030\067\354\205\025 +\172\031\010\374\325\307\234\360\362\251\056\020\251\222\346\075 +\130\075\251\026\150\074\057\165\041\030\177\050\167\245\341\141 +\027\267\246\351\370\036\231\333\163\156\364\012\242\041\154\356 +\332\252\205\222\146\257\366\172\153\202\332\272\042\010\065\017 +\317\102\361\065\372\152\356\176\053\045\314\072\021\344\155\257 +\163\262\166\035\255\320\262\170\147\032\244\071\034\121\013\147 +\126\203\375\070\135\015\316\335\360\273\053\226\037\336\173\062 +\122\375\035\273\265\006\241\262\041\136\245\326\225\150\177\360 +\231\236\334\105\010\076\347\322\011\015\065\224\335\200\116\123 +\227\327\265\011\104\040\144\026\027\003\002\114\123\015\150\336 +\325\252\162\115\223\155\202\016\333\234\275\317\264\363\134\135 +\124\172\151\011\226\326\333\021\301\215\165\250\264\317\071\310 +\316\074\274\044\174\346\142\312\341\275\175\247\275\127\145\013 +\344\376\045\355\266\151\020\334\050\032\106\275\001\035\320\227 +\265\341\230\073\300\067\144\326\075\224\356\013\341\365\050\256 +\013\126\277\161\213\043\051\101\216\206\305\113\122\173\330\161 +\253\037\212\025\246\073\203\132\327\130\001\121\306\114\101\331 +\177\330\101\147\162\242\050\337\140\203\251\236\310\173\374\123 +\163\162\131\365\223\172\027\166\016\316\367\345\134\331\013\125 +\064\242\252\133\265\152\124\347\023\312\127\354\227\155\364\136 +\006\057\105\213\130\324\043\026\222\344\026\156\050\143\131\060 +\337\120\001\234\143\211\032\237\333\027\224\202\160\067\303\044 +\236\232\107\326\132\312\116\250\151\211\162\037\221\154\333\176 +\236\033\255\307\037\163\335\054\117\031\145\375\177\223\100\020 +\056\322\360\355\074\236\056\050\076\151\046\063\305\173\002\003 +\001\000\001\243\143\060\141\060\017\006\003\125\035\023\001\001 +\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004 +\026\004\024\332\273\056\252\260\014\270\210\046\121\164\134\155 +\003\323\300\330\217\172\326\060\037\006\003\125\035\043\004\030 +\060\026\200\024\332\273\056\252\260\014\270\210\046\121\164\134 +\155\003\323\300\330\217\172\326\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\003\202\002\001\000\061\170\346\307 +\265\337\270\224\100\311\161\304\250\065\354\106\035\302\205\363 +\050\130\206\260\013\374\216\262\071\217\104\125\253\144\204\134 +\151\251\320\232\070\074\372\345\037\065\345\104\343\200\171\224 +\150\244\273\304\237\075\341\064\315\060\106\213\124\053\225\245 +\357\367\077\231\204\375\065\346\317\061\306\334\152\277\247\327 +\043\010\341\230\136\303\132\010\166\251\246\257\167\057\267\140 +\275\104\106\152\357\227\377\163\225\301\216\350\223\373\375\061 +\267\354\127\021\021\105\233\060\361\032\210\071\301\117\074\247 +\000\325\307\374\253\155\200\042\160\245\014\340\135\004\051\002 +\373\313\240\221\321\174\326\303\176\120\325\235\130\276\101\070 +\353\271\165\074\025\331\233\311\112\203\131\300\332\123\375\063 +\273\066\030\233\205\017\025\335\356\055\254\166\223\271\331\001 +\215\110\020\250\373\365\070\206\361\333\012\306\275\204\243\043 +\101\336\326\167\157\205\324\205\034\120\340\256\121\212\272\215 +\076\166\342\271\312\047\362\137\237\357\156\131\015\006\330\053 +\027\244\322\174\153\273\137\024\032\110\217\032\114\347\263\107 +\034\216\114\105\053\040\356\110\337\347\335\011\216\030\250\332 +\100\215\222\046\021\123\141\163\135\353\275\347\304\115\051\067 +\141\353\254\071\055\147\056\026\326\365\000\203\205\241\314\177 +\166\304\175\344\267\113\146\357\003\105\140\151\266\014\122\226 +\222\204\136\246\243\265\244\076\053\331\314\330\033\107\252\362 +\104\332\117\371\003\350\360\024\313\077\363\203\336\320\301\124 +\343\267\350\012\067\115\213\040\131\003\060\031\241\054\310\275 +\021\037\337\256\311\112\305\363\047\146\146\206\254\150\221\377 +\331\346\123\034\017\213\134\151\145\012\046\310\036\064\303\135 +\121\173\327\251\234\006\241\066\335\325\211\224\274\331\344\055 +\014\136\011\154\010\227\174\243\075\174\223\377\077\241\024\247 +\317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225 +\033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346 +\154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305 +\247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157 +\244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE -# Trust for "Sonera Class2 CA" -# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI -# Serial Number: 29 (0x1d) -# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 07:29:40 2001 -# Not Valid After : Tue Apr 06 07:29:40 2021 -# Fingerprint (SHA-256): 79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27 -# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 +# Trust for "GeoTrust Universal CA" +# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US +# Serial Number: 1 (0x1) +# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US +# Not Valid Before: Thu Mar 04 05:00:00 2004 +# Not Valid After : Sun Mar 04 05:00:00 2029 +# Fingerprint (SHA-256): A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 +# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class2 CA" +CKA_LABEL UTF8 "GeoTrust Universal CA" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264 -\362\344\232\047 +\346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042 +\025\207\354\171 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\243\354\165\017\056\210\337\372\110\001\116\013\134\110\157\373 +\222\145\130\213\242\032\061\162\163\150\134\264\245\172\007\110 END CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 +\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 +\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 +\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 +\162\163\141\154\040\103\101 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\035 +\002\001\001 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR @@ -25791,283 +23211,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "CertPlus Class 2 Primary CA" -# -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (SHA-256): 0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CertPlus Class 2 Primary CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 -\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 -\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 -\227\277\242\216\264\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "CertPlus Class 2 Primary CA" -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (SHA-256): 0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CertPlus Class 2 Primary CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 -\201\222\342\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "Deutsche Telekom Root CA 2" -# -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (SHA-256): B6:19:1A:50:D0:C3:97:7F:7D:A9:9B:CD:AA:C8:6A:22:7D:AE:B9:67:9E:C7:0B:A3:B0:C9:D9:22:71:C1:70:D3 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 -\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 -\126\144\127 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Deutsche Telekom Root CA 2" -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (SHA-256): B6:19:1A:50:D0:C3:97:7F:7D:A9:9B:CD:AA:C8:6A:22:7D:AE:B9:67:9E:C7:0B:A3:B0:C9:D9:22:71:C1:70:D3 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 -\214\336\067\277 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 -END -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "SZAFIR ROOT CA2" # @@ -29197,134 +26340,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Application CA G4 Root" -# -# Issuer: CN=Application CA G4 Root,O=LGPKI,C=JP -# Serial Number:31:a5:f3:ca:90:ea:23:ac:d2:9e:bd -# Subject: CN=Application CA G4 Root,O=LGPKI,C=JP -# Not Valid Before: Wed Feb 15 15:00:00 2017 -# Not Valid After : Sun Feb 15 14:59:59 2037 -# Fingerprint (SHA-256): D1:A0:31:90:98:03:4E:3A:EC:72:9A:0B:5C:31:11:22:9D:9D:26:E3:E6:23:E8:C5:E6:84:3F:A0:6E:E8:E2:E4 -# Fingerprint (SHA1): 21:DA:CE:4C:2C:34:E6:64:68:EE:06:31:4D:B0:55:A0:A8:9D:4C:1D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Application CA G4 Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\016\060\014\006\003\125\004\012\023\005\114\107\120\113\111\061 -\037\060\035\006\003\125\004\003\023\026\101\160\160\154\151\143 -\141\164\151\157\156\040\103\101\040\107\064\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\016\060\014\006\003\125\004\012\023\005\114\107\120\113\111\061 -\037\060\035\006\003\125\004\003\023\026\101\160\160\154\151\143 -\141\164\151\157\156\040\103\101\040\107\064\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\061\245\363\312\220\352\043\254\322\236\275 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\144\060\202\002\114\240\003\002\001\002\002\013\061 -\245\363\312\220\352\043\254\322\236\275\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\060\076\061\013\060\011\006 -\003\125\004\006\023\002\112\120\061\016\060\014\006\003\125\004 -\012\023\005\114\107\120\113\111\061\037\060\035\006\003\125\004 -\003\023\026\101\160\160\154\151\143\141\164\151\157\156\040\103 -\101\040\107\064\040\122\157\157\164\060\036\027\015\061\067\060 -\062\061\065\061\065\060\060\060\060\132\027\015\063\067\060\062 -\061\065\061\064\065\071\065\071\132\060\076\061\013\060\011\006 -\003\125\004\006\023\002\112\120\061\016\060\014\006\003\125\004 -\012\023\005\114\107\120\113\111\061\037\060\035\006\003\125\004 -\003\023\026\101\160\160\154\151\143\141\164\151\157\156\040\103 -\101\040\107\064\040\122\157\157\164\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\257\253\307\345\214\246 -\130\236\057\326\005\311\221\167\060\276\336\032\324\016\143\142 -\321\314\055\261\321\206\070\215\035\205\146\123\237\252\101\145 -\340\130\322\345\051\276\224\250\225\223\074\137\152\305\233\237 -\064\350\155\301\306\323\247\345\103\240\022\060\300\071\064\140 -\014\213\364\150\365\110\337\351\216\034\256\110\247\273\252\075 -\170\267\342\111\273\301\043\004\132\033\220\001\305\175\253\112 -\001\241\302\223\152\322\205\263\266\347\166\353\153\157\070\353 -\040\122\060\225\010\365\371\054\356\310\300\165\271\001\355\301 -\067\126\060\134\235\177\144\302\312\100\040\271\225\205\274\245 -\007\175\014\276\056\241\335\306\046\351\052\051\154\237\050\230 -\051\121\350\166\023\033\357\056\013\067\132\063\236\300\045\147 -\252\017\055\250\324\222\046\070\001\247\320\142\030\056\042\070 -\070\170\013\272\122\231\241\174\046\002\261\342\305\342\336\316 -\212\002\104\204\242\243\351\213\210\143\061\311\057\070\000\351 -\304\002\115\036\043\047\022\110\334\021\261\360\322\342\016\060 -\031\257\003\241\007\263\065\224\042\245\002\003\001\000\001\243 -\143\060\141\060\035\006\003\125\035\016\004\026\004\024\156\334 -\012\065\037\040\302\350\241\323\175\005\116\117\114\140\345\244 -\304\147\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024 -\156\334\012\065\037\040\302\350\241\323\175\005\116\117\114\140 -\345\244\304\147\060\015\006\011\052\206\110\206\367\015\001\001 -\013\005\000\003\202\001\001\000\125\063\325\100\267\032\176\117 -\334\164\203\016\104\272\077\275\122\225\310\223\226\043\362\001 -\271\024\353\312\022\164\315\141\210\064\257\115\136\364\131\212 -\253\036\330\343\131\301\036\370\060\265\100\306\273\270\257\321 -\355\077\154\252\163\230\202\344\230\064\256\222\101\016\131\066 -\032\272\120\034\026\364\027\072\054\033\342\227\157\262\257\321 -\332\336\024\122\337\200\074\307\117\075\207\236\272\225\275\170 -\274\125\074\211\366\056\046\325\025\345\320\100\022\305\263\161 -\077\154\146\037\243\374\113\265\116\342\156\334\200\007\303\371 -\050\024\173\367\136\026\152\103\247\256\221\001\037\117\145\251 -\110\263\316\156\032\006\041\244\323\061\210\210\245\111\021\202 -\153\353\271\235\140\376\237\376\305\367\370\177\253\067\356\257 -\347\130\106\272\011\344\135\071\247\113\004\330\003\002\311\140 -\052\136\125\151\021\013\140\170\201\172\364\161\365\217\106\256 -\217\004\250\227\034\200\211\043\143\333\376\353\246\027\016\131 -\266\056\271\206\353\137\136\154\335\201\347\253\060\201\043\220 -\047\261\367\053\220\071\013\270 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Application CA G4 Root" -# Issuer: CN=Application CA G4 Root,O=LGPKI,C=JP -# Serial Number:31:a5:f3:ca:90:ea:23:ac:d2:9e:bd -# Subject: CN=Application CA G4 Root,O=LGPKI,C=JP -# Not Valid Before: Wed Feb 15 15:00:00 2017 -# Not Valid After : Sun Feb 15 14:59:59 2037 -# Fingerprint (SHA-256): D1:A0:31:90:98:03:4E:3A:EC:72:9A:0B:5C:31:11:22:9D:9D:26:E3:E6:23:E8:C5:E6:84:3F:A0:6E:E8:E2:E4 -# Fingerprint (SHA1): 21:DA:CE:4C:2C:34:E6:64:68:EE:06:31:4D:B0:55:A0:A8:9D:4C:1D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Application CA G4 Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\041\332\316\114\054\064\346\144\150\356\006\061\115\260\125\240 -\250\235\114\035 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\200\210\207\243\051\145\003\244\123\361\043\010\101\346\153\146 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\016\060\014\006\003\125\004\012\023\005\114\107\120\113\111\061 -\037\060\035\006\003\125\004\003\023\026\101\160\160\154\151\143 -\141\164\151\157\156\040\103\101\040\107\064\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\061\245\363\312\220\352\043\254\322\236\275 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Netrust Root CA 2" # diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index 1ee285508a1..081384f8031 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -2,7 +2,7 @@ Summary: Prebuilt version of ca-certificates-base package. Name: prebuilt-ca-certificates-base Version: 20200720 -Release: 29%{?dist} +Release: 30%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -40,6 +40,9 @@ rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/* %{_sysconfdir}/pki/java/cacerts %changelog +* Thu Mar 30 2023 CBL-Mariner Service Account - 20200720-30 +- Making 'Release' match with 'ca-certificates'. + * Mon Dec 12 2022 Pawel Winogrodzki - 20200720-29 - Making 'Release' match with 'ca-certificates'. diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index 8f2cb8e0963..e3a03b039c5 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -2,7 +2,7 @@ Summary: Prebuilt version of ca-certificates package. Name: prebuilt-ca-certificates Version: 20200720 -Release: 29%{?dist} +Release: 30%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -47,6 +47,9 @@ rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/* %{_sysconfdir}/pki/java/cacerts %changelog +* Thu Mar 30 2023 CBL-Mariner Service Account - 20200720-30 +- Making 'Release' match with 'ca-certificates'. + * Mon Dec 12 2022 Pawel Winogrodzki - 20200720-29 - Making 'Release' match with 'ca-certificates'. diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 36074f561aa..4b3de1c37a6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -164,7 +164,7 @@ libffi-3.2.1-12.cm1.aarch64.rpm libtasn1-4.14-4.cm1.aarch64.rpm p11-kit-0.23.22-1.cm1.aarch64.rpm p11-kit-trust-0.23.22-1.cm1.aarch64.rpm -ca-certificates-shared-20200720-29.cm1.noarch.rpm -ca-certificates-tools-20200720-29.cm1.noarch.rpm -ca-certificates-base-20200720-29.cm1.noarch.rpm +ca-certificates-shared-20200720-30.cm1.noarch.rpm +ca-certificates-tools-20200720-30.cm1.noarch.rpm +ca-certificates-base-20200720-30.cm1.noarch.rpm libselinux-3.2-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 1fc029a9d95..d4a73252388 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -164,7 +164,7 @@ libffi-3.2.1-12.cm1.x86_64.rpm libtasn1-4.14-4.cm1.x86_64.rpm p11-kit-0.23.22-1.cm1.x86_64.rpm p11-kit-trust-0.23.22-1.cm1.x86_64.rpm -ca-certificates-shared-20200720-29.cm1.noarch.rpm -ca-certificates-tools-20200720-29.cm1.noarch.rpm -ca-certificates-base-20200720-29.cm1.noarch.rpm +ca-certificates-shared-20200720-30.cm1.noarch.rpm +ca-certificates-tools-20200720-30.cm1.noarch.rpm +ca-certificates-base-20200720-30.cm1.noarch.rpm libselinux-3.2-1.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 70ab987cb2c..39bf4ceb115 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -22,11 +22,11 @@ bzip2-1.0.6-15.cm1.aarch64.rpm bzip2-debuginfo-1.0.6-15.cm1.aarch64.rpm bzip2-devel-1.0.6-15.cm1.aarch64.rpm bzip2-libs-1.0.6-15.cm1.aarch64.rpm -ca-certificates-20200720-29.cm1.noarch.rpm -ca-certificates-base-20200720-29.cm1.noarch.rpm -ca-certificates-legacy-20200720-29.cm1.noarch.rpm -ca-certificates-shared-20200720-29.cm1.noarch.rpm -ca-certificates-tools-20200720-29.cm1.noarch.rpm +ca-certificates-20200720-30.cm1.noarch.rpm +ca-certificates-base-20200720-30.cm1.noarch.rpm +ca-certificates-legacy-20200720-30.cm1.noarch.rpm +ca-certificates-shared-20200720-30.cm1.noarch.rpm +ca-certificates-tools-20200720-30.cm1.noarch.rpm check-0.12.0-4.cm1.aarch64.rpm check-debuginfo-0.12.0-4.cm1.aarch64.rpm cmake-3.21.4-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f9a3159ae1a..ae284efac07 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -22,11 +22,11 @@ bzip2-1.0.6-15.cm1.x86_64.rpm bzip2-debuginfo-1.0.6-15.cm1.x86_64.rpm bzip2-devel-1.0.6-15.cm1.x86_64.rpm bzip2-libs-1.0.6-15.cm1.x86_64.rpm -ca-certificates-20200720-29.cm1.noarch.rpm -ca-certificates-base-20200720-29.cm1.noarch.rpm -ca-certificates-legacy-20200720-29.cm1.noarch.rpm -ca-certificates-shared-20200720-29.cm1.noarch.rpm -ca-certificates-tools-20200720-29.cm1.noarch.rpm +ca-certificates-20200720-30.cm1.noarch.rpm +ca-certificates-base-20200720-30.cm1.noarch.rpm +ca-certificates-legacy-20200720-30.cm1.noarch.rpm +ca-certificates-shared-20200720-30.cm1.noarch.rpm +ca-certificates-tools-20200720-30.cm1.noarch.rpm check-0.12.0-4.cm1.x86_64.rpm check-debuginfo-0.12.0-4.cm1.x86_64.rpm cmake-3.21.4-3.cm1.x86_64.rpm From 9b8efa69e73509f02fd39004b3f10a0824f4ad14 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 30 Mar 2023 15:14:50 -0700 Subject: [PATCH 02/16] Updated `tzdata` to version 2023c. (#5189) --- SPECS/tzdata/tzdata.signatures.json | 2 +- SPECS/tzdata/tzdata.spec | 5 ++++- cgmanifest.json | 6 +++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/SPECS/tzdata/tzdata.signatures.json b/SPECS/tzdata/tzdata.signatures.json index 7cc86e974bc..6294c95d9d6 100644 --- a/SPECS/tzdata/tzdata.signatures.json +++ b/SPECS/tzdata/tzdata.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "tzdata2022g.tar.gz": "4491db8281ae94a84d939e427bdd83dc389f26764d27d9a5c52d782c16764478" + "tzdata2023c.tar.gz": "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c" } } \ No newline at end of file diff --git a/SPECS/tzdata/tzdata.spec b/SPECS/tzdata/tzdata.spec index cb8f4e40a45..5e5aac5330c 100644 --- a/SPECS/tzdata/tzdata.spec +++ b/SPECS/tzdata/tzdata.spec @@ -1,6 +1,6 @@ Summary: Time zone data Name: tzdata -Version: 2022g +Version: 2023c Release: 1%{?dist} URL: https://www.iana.org/time-zones License: Public Domain @@ -43,6 +43,9 @@ ln -svf %{_datarootdir}/zoneinfo/UTC %{buildroot}%{_sysconfdir}/localtime %{_datadir}/* %changelog +* Thu Mar 30 2023 CBL-Mariner Service Account - 2023c-1 +- Update to version "2023c". + * Wed Nov 30 2022 CBL-Mariner Service Account - 2022g-1 - Update to version "2022g". diff --git a/cgmanifest.json b/cgmanifest.json index 613f49ab5ab..b8130065793 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -8486,8 +8486,8 @@ "type": "other", "other": { "name": "tzdata", - "version": "2022g", - "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2022g.tar.gz" + "version": "2023c", + "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2023c.tar.gz" } } }, @@ -8993,4 +8993,4 @@ } ], "Version": 1 -} \ No newline at end of file +} From b1c89e66f9c8f3ee72f2cc3ab26b7d614f96a544 Mon Sep 17 00:00:00 2001 From: osamaesmailmsft <110202916+osamaesmailmsft@users.noreply.github.com> Date: Fri, 31 Mar 2023 15:16:38 -0700 Subject: [PATCH 03/16] Patching CVE-2023-0460 (openssl) for 1.0-dev (#5200) --- SPECS/openssl/CVE-2023-0464.patch | 221 ++++++++++++++++++ SPECS/openssl/openssl.spec | 8 +- .../manifests/package/pkggen_core_aarch64.txt | 12 +- .../manifests/package/pkggen_core_x86_64.txt | 12 +- .../manifests/package/toolchain_aarch64.txt | 12 +- .../manifests/package/toolchain_x86_64.txt | 12 +- 6 files changed, 252 insertions(+), 25 deletions(-) create mode 100644 SPECS/openssl/CVE-2023-0464.patch diff --git a/SPECS/openssl/CVE-2023-0464.patch b/SPECS/openssl/CVE-2023-0464.patch new file mode 100644 index 00000000000..33249c245fe --- /dev/null +++ b/SPECS/openssl/CVE-2023-0464.patch @@ -0,0 +1,221 @@ +From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Wed, 8 Mar 2023 15:28:20 +1100 +Subject: [PATCH] x509: excessive resource use verifying policy constraints + +A security vulnerability has been identified in all supported versions +of OpenSSL related to the verification of X.509 certificate chains +that include policy constraints. Attackers may be able to exploit this +vulnerability by creating a malicious certificate chain that triggers +exponential use of computational resources, leading to a denial-of-service +(DoS) attack on affected systems. + +Fixes CVE-2023-0464 + +Reviewed-by: Tomas Mraz +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/20569) +--- + crypto/x509v3/pcy_local.h | 8 +++++++- + crypto/x509v3/pcy_node.c | 12 +++++++++--- + crypto/x509v3/pcy_tree.c | 37 +++++++++++++++++++++++++++---------- + 3 files changed, 43 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h +index 5daf78de45..344aa06765 100644 +--- a/crypto/x509v3/pcy_local.h ++++ b/crypto/x509v3/pcy_local.h +@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { + }; + + struct X509_POLICY_TREE_st { ++ /* The number of nodes in the tree */ ++ size_t node_count; ++ /* The maximum number of nodes in the tree */ ++ size_t node_maximum; ++ + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; +@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree); ++ X509_POLICY_TREE *tree, ++ int extra_data); + void policy_node_free(X509_POLICY_NODE *node); + int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); +diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c +index e2d7b15322..d574fb9d66 100644 +--- a/crypto/x509v3/pcy_node.c ++++ b/crypto/x509v3/pcy_node.c +@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) ++ X509_POLICY_TREE *tree, ++ int extra_data) + { + X509_POLICY_NODE *node; + ++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ ++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) ++ return NULL; ++ + node = OPENSSL_zalloc(sizeof(*node)); + if (node == NULL) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); +@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + node->data = data; + node->parent = parent; +- if (level) { ++ if (level != NULL) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; +@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + } + +- if (tree) { ++ if (extra_data) { + if (tree->extra_data == NULL) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (tree->extra_data == NULL){ +@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + } + ++ tree->node_count++; + if (parent) + parent->nchild++; + +diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c +index 6e8322cbc5..6c7fd35405 100644 +--- a/crypto/x509v3/pcy_tree.c ++++ b/crypto/x509v3/pcy_tree.c +@@ -13,6 +13,18 @@ + + #include "pcy_local.h" + ++/* ++ * If the maximum number of nodes in the policy tree isn't defined, set it to ++ * a generous default of 1000 nodes. ++ * ++ * Defining this to be zero means unlimited policy tree growth which opens the ++ * door on CVE-2023-0464. ++ */ ++ ++#ifndef OPENSSL_POLICY_TREE_NODES_MAX ++# define OPENSSL_POLICY_TREE_NODES_MAX 1000 ++#endif ++ + /* + * Enable this to print out the complete policy tree at various point during + * evaluation. +@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + return X509_PCY_TREE_INTERNAL; + } + ++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ ++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; ++ + /* + * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. + * +@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + level = tree->levels; + if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) + goto bad_tree; +- if (level_add_node(level, data, NULL, tree) == NULL) { ++ if (level_add_node(level, data, NULL, tree, 1) == NULL) { + policy_data_free(data); + goto bad_tree; + } +@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + * Return value: 1 on success, 0 otherwise + */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ X509_POLICY_DATA *data, ++ X509_POLICY_TREE *tree) + { + X509_POLICY_LEVEL *last = curr - 1; + int i, matched = 0; +@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (policy_node_match(last, node, data->valid_policy)) { +- if (level_add_node(curr, data, node, NULL) == NULL) ++ if (level_add_node(curr, data, node, tree, 0) == NULL) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) + return 0; + } + return 1; +@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + * Return value: 1 on success, 0 otherwise. + */ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) + { + int i; + +@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); + + /* Look for matching nodes in previous level */ +- if (!tree_link_matching_nodes(curr, data)) ++ if (!tree_link_matching_nodes(curr, data, tree)) + return 0; + } + return 1; +@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (level_add_node(curr, data, node, tree) == NULL) { ++ if (level_add_node(curr, data, node, tree, 1) == NULL) { + policy_data_free(data); + return 0; + } +@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + } + /* Finally add link to anyPolicy */ + if (last->anyPolicy && +- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) ++ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) + return 0; + return 1; + } +@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + extra->qualifier_set = anyPolicy->data->qualifier_set; + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS + | POLICY_DATA_FLAG_EXTRA_NODE; +- node = level_add_node(NULL, extra, anyPolicy->parent, tree); ++ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); +@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) ++ if (!tree_link_nodes(curr, cache, tree)) + return X509_PCY_TREE_INTERNAL; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) +-- +2.34.1 diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index ee7c39ee13a..b676d601829 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -4,7 +4,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1k -Release: 13%{?dist} +Release: 14%{?dist} License: OpenSSL Vendor: Microsoft Corporation Distribution: Mariner @@ -52,6 +52,7 @@ Patch29: CVE-2023-0286.patch Patch30: CVE-2022-4304.patch Patch31: CVE-2022-4450.patch Patch32: CVE-2023-0215.patch +Patch33: CVE-2023-0464.patch BuildRequires: perl-Test-Warnings BuildRequires: perl-Text-Template Requires: %{name}-libs = %{version}-%{release} @@ -149,6 +150,7 @@ cp %{SOURCE4} test/ %patch30 -p1 %patch31 -p1 %patch32 -p1 +%patch33 -p1 %build # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be @@ -328,6 +330,10 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist %postun libs -p /sbin/ldconfig %changelog +* Fri Mar 31 2023 Osama Esmail - 1.1.1k-14 +- Adding patch for CVE-2023-0464 +- 2 of the 3 patches for the CVE were for later versions + * Tue Feb 07 2023 Olivia Crain - 1.1.1k-13 - Add upstream patches for CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2024-0286 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 4b3de1c37a6..fe214f32a0e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1k-13.cm1.aarch64.rpm -openssl-devel-1.1.1k-13.cm1.aarch64.rpm -openssl-libs-1.1.1k-13.cm1.aarch64.rpm -openssl-perl-1.1.1k-13.cm1.aarch64.rpm -openssl-static-1.1.1k-13.cm1.aarch64.rpm -openssl-debuginfo-1.1.1k-13.cm1.aarch64.rpm +openssl-1.1.1k-14.cm1.aarch64.rpm +openssl-devel-1.1.1k-14.cm1.aarch64.rpm +openssl-libs-1.1.1k-14.cm1.aarch64.rpm +openssl-perl-1.1.1k-14.cm1.aarch64.rpm +openssl-static-1.1.1k-14.cm1.aarch64.rpm +openssl-debuginfo-1.1.1k-14.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm libcap-devel-2.26-2.cm1.aarch64.rpm libcap-ng-0.7.9-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d4a73252388..92256e9cef4 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1k-13.cm1.x86_64.rpm -openssl-devel-1.1.1k-13.cm1.x86_64.rpm -openssl-libs-1.1.1k-13.cm1.x86_64.rpm -openssl-perl-1.1.1k-13.cm1.x86_64.rpm -openssl-static-1.1.1k-13.cm1.x86_64.rpm -openssl-debuginfo-1.1.1k-13.cm1.x86_64.rpm +openssl-1.1.1k-14.cm1.x86_64.rpm +openssl-devel-1.1.1k-14.cm1.x86_64.rpm +openssl-libs-1.1.1k-14.cm1.x86_64.rpm +openssl-perl-1.1.1k-14.cm1.x86_64.rpm +openssl-static-1.1.1k-14.cm1.x86_64.rpm +openssl-debuginfo-1.1.1k-14.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm libcap-devel-2.26-2.cm1.x86_64.rpm libcap-ng-0.7.9-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 39bf4ceb115..33240e4cbba 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -300,12 +300,12 @@ openjdk8-src-1.8.0.332-1.cm1.aarch64.rpm openjre8-1.8.0.332-1.cm1.aarch64.rpm openldap-2.4.57-3.cm1.aarch64.rpm openldap-debuginfo-2.4.57-3.cm1.aarch64.rpm -openssl-1.1.1k-13.cm1.aarch64.rpm -openssl-debuginfo-1.1.1k-13.cm1.aarch64.rpm -openssl-devel-1.1.1k-13.cm1.aarch64.rpm -openssl-libs-1.1.1k-13.cm1.aarch64.rpm -openssl-perl-1.1.1k-13.cm1.aarch64.rpm -openssl-static-1.1.1k-13.cm1.aarch64.rpm +openssl-1.1.1k-14.cm1.aarch64.rpm +openssl-debuginfo-1.1.1k-14.cm1.aarch64.rpm +openssl-devel-1.1.1k-14.cm1.aarch64.rpm +openssl-libs-1.1.1k-14.cm1.aarch64.rpm +openssl-perl-1.1.1k-14.cm1.aarch64.rpm +openssl-static-1.1.1k-14.cm1.aarch64.rpm p11-kit-0.23.22-1.cm1.aarch64.rpm p11-kit-debuginfo-0.23.22-1.cm1.aarch64.rpm p11-kit-devel-0.23.22-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index ae284efac07..e5dcd42effd 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -300,12 +300,12 @@ openjdk8-src-1.8.0.332-1.cm1.x86_64.rpm openjre8-1.8.0.332-1.cm1.x86_64.rpm openldap-2.4.57-3.cm1.x86_64.rpm openldap-debuginfo-2.4.57-3.cm1.x86_64.rpm -openssl-1.1.1k-13.cm1.x86_64.rpm -openssl-debuginfo-1.1.1k-13.cm1.x86_64.rpm -openssl-devel-1.1.1k-13.cm1.x86_64.rpm -openssl-libs-1.1.1k-13.cm1.x86_64.rpm -openssl-perl-1.1.1k-13.cm1.x86_64.rpm -openssl-static-1.1.1k-13.cm1.x86_64.rpm +openssl-1.1.1k-14.cm1.x86_64.rpm +openssl-debuginfo-1.1.1k-14.cm1.x86_64.rpm +openssl-devel-1.1.1k-14.cm1.x86_64.rpm +openssl-libs-1.1.1k-14.cm1.x86_64.rpm +openssl-perl-1.1.1k-14.cm1.x86_64.rpm +openssl-static-1.1.1k-14.cm1.x86_64.rpm p11-kit-0.23.22-1.cm1.x86_64.rpm p11-kit-debuginfo-0.23.22-1.cm1.x86_64.rpm p11-kit-devel-0.23.22-1.cm1.x86_64.rpm From fa2efc4b3f542f8610112cd6487f22af551e1262 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sat, 1 Apr 2023 02:03:49 -0700 Subject: [PATCH 04/16] Nopatch kernel to address CVE-2023-1390, CVE-2023-1281, CVE-2023-28772 --- SPECS/kernel/CVE-2023-1281.nopatch | 3 +++ SPECS/kernel/CVE-2023-1390.nopatch | 3 +++ SPECS/kernel/CVE-2023-28772.nopatch | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 SPECS/kernel/CVE-2023-1281.nopatch create mode 100644 SPECS/kernel/CVE-2023-1390.nopatch create mode 100644 SPECS/kernel/CVE-2023-28772.nopatch diff --git a/SPECS/kernel/CVE-2023-1281.nopatch b/SPECS/kernel/CVE-2023-1281.nopatch new file mode 100644 index 00000000000..f5e4c62c2e5 --- /dev/null +++ b/SPECS/kernel/CVE-2023-1281.nopatch @@ -0,0 +1,3 @@ +CVE-2023-1281 - patched in 5.10.169 - (generated by autopatch tool) +upstream ee059170b1f7e94e55fa6cadee544e176a6e59c2 - stable eb8e9d8572d1d9df17272783ad8a84843ce559d4 + diff --git a/SPECS/kernel/CVE-2023-1390.nopatch b/SPECS/kernel/CVE-2023-1390.nopatch new file mode 100644 index 00000000000..336dfce8135 --- /dev/null +++ b/SPECS/kernel/CVE-2023-1390.nopatch @@ -0,0 +1,3 @@ +CVE-2023-1390 - patched in 5.10.10 - (generated by autopatch tool) +upstream b77413446408fdd256599daf00d5be72b5f3e7c6 - stable 60b8b4e6310b7dfc551ba68e8639eeaf70a0b2dd + diff --git a/SPECS/kernel/CVE-2023-28772.nopatch b/SPECS/kernel/CVE-2023-28772.nopatch new file mode 100644 index 00000000000..e0b73b5e174 --- /dev/null +++ b/SPECS/kernel/CVE-2023-28772.nopatch @@ -0,0 +1,3 @@ +CVE-2023-28772 - patched in 5.10.51 - (generated by autopatch tool) +upstream d3b16034a24a112bb83aeb669ac5b9b01f744bb7 - stable f9fb4986f4d81182f938d16beb4f983fe71212aa + From e6aaed5d15178289671a12c3b1f1c21607d3b0c1 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Mon, 3 Apr 2023 09:53:59 -0700 Subject: [PATCH 05/16] Nopatch kernel for CVE-2023-1079 (#5207) --- SPECS/kernel/CVE-2023-1079.nopatch | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 SPECS/kernel/CVE-2023-1079.nopatch diff --git a/SPECS/kernel/CVE-2023-1079.nopatch b/SPECS/kernel/CVE-2023-1079.nopatch new file mode 100644 index 00000000000..140ea46e6a1 --- /dev/null +++ b/SPECS/kernel/CVE-2023-1079.nopatch @@ -0,0 +1,3 @@ +CVE-2023-1079 - patched in 5.10.173 - (generated by autopatch tool) +upstream 4ab3a086d10eeec1424f2e8a968827a6336203df - stable 21a2eec4a440060a6eb294dc890eaf553101ba09 + From 7fca86b183ff108daafdc1a418a17346f0859195 Mon Sep 17 00:00:00 2001 From: suresh-thelkar Date: Wed, 5 Apr 2023 21:03:24 +0530 Subject: [PATCH 06/16] Patch xinetd with CVE-2013-4342 (#5229) --- SPECS/xinetd/CVE-2013-4342.patch | 27 +++++++++++++++++++++++++++ SPECS/xinetd/xinetd.spec | 8 ++++++-- 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 SPECS/xinetd/CVE-2013-4342.patch diff --git a/SPECS/xinetd/CVE-2013-4342.patch b/SPECS/xinetd/CVE-2013-4342.patch new file mode 100644 index 00000000000..e183e1d1358 --- /dev/null +++ b/SPECS/xinetd/CVE-2013-4342.patch @@ -0,0 +1,27 @@ +From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 +From: Thomas Swan +Date: Wed, 2 Oct 2013 23:17:17 -0500 +Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for + TCPMUX services + +Originally reported to Debian in 2005 and rediscovered , xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). +--- + xinetd/builtins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xinetd/builtins.c b/xinetd/builtins.c +index 3b85579..34a5bac 100644 +--- a/xinetd/builtins.c ++++ b/xinetd/builtins.c +@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) + if( SC_IS_INTERNAL( scp ) ) { + SC_INTERNAL(scp, nserp); + } else { +- exec_server(nserp); ++ child_process(nserp); + } + } + +-- +2.38.1 + diff --git a/SPECS/xinetd/xinetd.spec b/SPECS/xinetd/xinetd.spec index b8f54a20f47..59172f2c16c 100644 --- a/SPECS/xinetd/xinetd.spec +++ b/SPECS/xinetd/xinetd.spec @@ -1,7 +1,7 @@ Summary: xinetd -- A better inetd. Name: xinetd Version: 2.3.15 -Release: 12%{?dist} +Release: 13%{?dist} License: BSD Group: System Environment/Daemons Vendor: Microsoft Corporation @@ -10,6 +10,7 @@ URL: https://github.com/xinetd-org/xinetd #Source0: https://github.com/xinetd-org/xinetd/archive/%{name}-2-3-15.tar.gz Source0: %{name}-%{version}.tar.gz Source1: xinetd.service +Patch0: CVE-2013-4342.patch BuildRequires: systemd BuildRequires: libtirpc-devel Requires: systemd @@ -23,7 +24,7 @@ of servers that can be started, and has a configurable defence mechanism to protect against port scanners, among other things. %prep -%setup -q +%autosetup -p1 %build %configure \ @@ -71,6 +72,9 @@ rm -rf %{buildroot} %{_libdir}/systemd/system-preset/50-xinetd.preset %changelog +* Wed Apr 05 2023 Suresh Thelkar - 2.3.15-13 +- Patch CVE-2013-4342 + * Sat May 09 2020 Nick Samson - 2.3.15-12 - Added %%license line automatically From b3b27c445321524e08bcf28bdbbec74c89193a26 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 5 Apr 2023 16:28:56 -0700 Subject: [PATCH 07/16] Nopatch kernel for CVE-2023-1513 (#5224) --- SPECS/kernel/CVE-2023-1513.nopatch | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 SPECS/kernel/CVE-2023-1513.nopatch diff --git a/SPECS/kernel/CVE-2023-1513.nopatch b/SPECS/kernel/CVE-2023-1513.nopatch new file mode 100644 index 00000000000..7bf0b9ef558 --- /dev/null +++ b/SPECS/kernel/CVE-2023-1513.nopatch @@ -0,0 +1,3 @@ +CVE-2023-1513 - patched in 5.10.169 - (generated by autopatch tool) +upstream 2c10b61421a28e95a46ab489fd56c0f442ff6952 - stable 6416c2108ba54d569e4c98d3b62ac78cb12e7107 + From cf5a13281a45d7d27239ef2ff53d7eb907291110 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 5 Apr 2023 22:05:59 -0700 Subject: [PATCH 08/16] Upgrade c-ares to 1.19.0 To Address CVE-2022-4904 (#5222) --- SPECS/c-ares/c-ares.signatures.json | 6 +++--- SPECS/c-ares/c-ares.spec | 5 ++++- cgmanifest.json | 6 +++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/SPECS/c-ares/c-ares.signatures.json b/SPECS/c-ares/c-ares.signatures.json index 8809d8b1f5d..9a72e9a0146 100644 --- a/SPECS/c-ares/c-ares.signatures.json +++ b/SPECS/c-ares/c-ares.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "c-ares-1.18.1.tar.gz": "1a7d52a8a84a9fbffb1be9133c0f6e17217d91ea5a6fa61f6b4729cda78ebbcf" - } + "Signatures": { + "c-ares-1.19.0.tar.gz": "bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3" + } } \ No newline at end of file diff --git a/SPECS/c-ares/c-ares.spec b/SPECS/c-ares/c-ares.spec index a3b2c15add9..e66f1cb3fe7 100644 --- a/SPECS/c-ares/c-ares.spec +++ b/SPECS/c-ares/c-ares.spec @@ -1,6 +1,6 @@ Summary: A library that performs asynchronous DNS operations Name: c-ares -Version: 1.18.1 +Version: 1.19.0 Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation @@ -70,6 +70,9 @@ rm -rf %{buildroot} %{_mandir}/man3/ares_* %changelog +* Tue Apr 04 2023 CBL-Mariner Servicing Account - 1.19.0-1 +- Auto-upgrade to 1.19.0 - To Address CVE-2022-4904 + * Sun Nov 28 2021 Muhammad Falak - 1.18.1-1 - Bump version to fix CVE-2021-3672 diff --git a/cgmanifest.json b/cgmanifest.json index b8130065793..b07f08ac2d0 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -516,8 +516,8 @@ "type": "other", "other": { "name": "c-ares", - "version": "1.18.1", - "downloadUrl": "https://c-ares.haxx.se/download/c-ares-1.18.1.tar.gz" + "version": "1.19.0", + "downloadUrl": "https://c-ares.haxx.se/download/c-ares-1.19.0.tar.gz" } } }, @@ -8993,4 +8993,4 @@ } ], "Version": 1 -} +} \ No newline at end of file From 847fce0c43997a5f945851d5e4067c6df8821952 Mon Sep 17 00:00:00 2001 From: Henry Beberman Date: Thu, 6 Apr 2023 09:00:47 -0700 Subject: [PATCH 09/16] Patch systemd to fix CVE-2023-26604 (#5234) --- SPECS/systemd/CVE-2023-26604.patch | 90 +++++++++++++++++++ SPECS/systemd/systemd.spec | 6 +- .../manifests/package/toolchain_aarch64.txt | 8 +- .../manifests/package/toolchain_x86_64.txt | 8 +- 4 files changed, 103 insertions(+), 9 deletions(-) create mode 100644 SPECS/systemd/CVE-2023-26604.patch diff --git a/SPECS/systemd/CVE-2023-26604.patch b/SPECS/systemd/CVE-2023-26604.patch new file mode 100644 index 00000000000..aca90e9bf09 --- /dev/null +++ b/SPECS/systemd/CVE-2023-26604.patch @@ -0,0 +1,90 @@ +Backported SYSTEMD_PAGERSECURE fix from systemd v247 + +Signed-off-by: Henry Beberman + +diff -Naur a/src/basic/pager.c b/src/basic/pager.c +--- a/src/basic/pager.c 2018-06-22 04:11:49.000000000 -0700 ++++ b/src/basic/pager.c 2023-04-05 13:49:34.940921162 -0700 +@@ -10,7 +10,10 @@ + #include + #include + ++#include "sd-login.h" ++ + #include "copy.h" ++#include "env-util.h" + #include "fd-util.h" + #include "locale-util.h" + #include "log.h" +@@ -104,21 +107,61 @@ + setenv("LESSCHARSET", less_charset, 1) < 0) + _exit(EXIT_FAILURE); + +- if (pager) { ++ /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out ++ * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the ++ * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE ++ * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we ++ * know to be good. */ ++ int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE"); ++ bool trust_pager = use_secure_mode >= 0; ++ if (use_secure_mode == -ENXIO) { ++ uid_t uid; ++ ++ r = sd_pid_get_owner_uid(0, &uid); ++ if (r < 0) ++ log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m"); ++ ++ use_secure_mode = r < 0 || uid != geteuid(); ++ ++ } else if (use_secure_mode < 0) { ++ log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m"); ++ use_secure_mode = true; ++ } ++ ++ /* We generally always set variables used by less, even if we end up using a different pager. ++ * They shouldn't hurt in any case, and ideally other pagers would look at them too. */ ++ if (use_secure_mode) ++ r = setenv("LESSSECURE", "1", 1); ++ else ++ r = unsetenv("LESSSECURE"); ++ if (r < 0) { ++ log_error_errno(errno, "Failed to adjust environment variable LESSSECURE: %m"); ++ _exit(EXIT_FAILURE); ++ } ++ ++ /* In order to use the pager specified by SYSTEMD_PAGER or PAGER env vars the user ++ must have also explicitly set SYSTEMD_PAGERSECURE to signal that they trust it */ ++ if (pager && trust_pager) { + execlp(pager, pager, NULL); + execl("/bin/sh", "sh", "-c", pager, NULL); + } + +- /* Debian's alternatives command for pagers is +- * called 'pager'. Note that we do not call +- * sensible-pagers here, since that is just a +- * shell script that implements a logic that +- * is similar to this one anyway, but is +- * Debian-specific. */ +- execlp("pager", "pager", NULL); ++ if (use_secure_mode) { ++ /* Only allow the use of less if secure pager mode was enabled */ ++ execlp("less", "less", NULL); ++ } else { ++ /* Debian's alternatives command for pagers is ++ * called 'pager'. Note that we do not call ++ * sensible-pagers here, since that is just a ++ * shell script that implements a logic that ++ * is similar to this one anyway, but is ++ * Debian-specific. */ ++ execlp("pager", "pager", NULL); ++ ++ execlp("less", "less", NULL); ++ execlp("more", "more", NULL); ++ } + +- execlp("less", "less", NULL); +- execlp("more", "more", NULL); + + pager_fallback(); + /* not reached */ diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec index 780f0bd3ade..15a31a6bf64 100644 --- a/SPECS/systemd/systemd.spec +++ b/SPECS/systemd/systemd.spec @@ -1,7 +1,7 @@ Summary: Systemd-239 Name: systemd Version: 239 -Release: 43%{?dist} +Release: 44%{?dist} License: LGPLv2+ AND GPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -45,6 +45,7 @@ Patch24: CVE-2021-33910.patch Patch25: Backport-fix-dhcp-routes.patch Patch26: Add-ptp_hyperv-udev-rule.patch Patch27: CVE-2022-3821.patch +Patch28: CVE-2023-26604.patch #Portablectl patches for --now --enable and --no-block flags support Patch100: 100-portabled-allow-to-detach-an-image-with-a-unit-in-li.patch @@ -288,6 +289,9 @@ rm -rf %{buildroot}/* %files lang -f %{name}.lang %changelog +* Wed Apr 05 2023 Henry Beberman - 239-44 +- Add patch for CVE-2023-26604 + * Mon Nov 21 2022 Andrew Phelps - 239-43 - Add patch for CVE-2022-3821 diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 33240e4cbba..6d6159ef4e9 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -390,13 +390,13 @@ sqlite-devel-3.34.1-2.cm1.aarch64.rpm sqlite-libs-3.34.1-2.cm1.aarch64.rpm swig-4.0.2-1.cm1.aarch64.rpm swig-debuginfo-4.0.2-1.cm1.aarch64.rpm -systemd-239-43.cm1.aarch64.rpm +systemd-239-44.cm1.aarch64.rpm systemd-bootstrap-239-40.cm1.aarch64.rpm systemd-bootstrap-debuginfo-239-40.cm1.aarch64.rpm systemd-bootstrap-devel-239-40.cm1.aarch64.rpm -systemd-debuginfo-239-43.cm1.aarch64.rpm -systemd-devel-239-43.cm1.aarch64.rpm -systemd-lang-239-43.cm1.aarch64.rpm +systemd-debuginfo-239-44.cm1.aarch64.rpm +systemd-devel-239-44.cm1.aarch64.rpm +systemd-lang-239-44.cm1.aarch64.rpm tar-1.32-2.cm1.aarch64.rpm tar-debuginfo-1.32-2.cm1.aarch64.rpm tdnf-2.1.0-7.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index e5dcd42effd..f3660633c35 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -390,13 +390,13 @@ sqlite-devel-3.34.1-2.cm1.x86_64.rpm sqlite-libs-3.34.1-2.cm1.x86_64.rpm swig-4.0.2-1.cm1.x86_64.rpm swig-debuginfo-4.0.2-1.cm1.x86_64.rpm -systemd-239-43.cm1.x86_64.rpm +systemd-239-44.cm1.x86_64.rpm systemd-bootstrap-239-40.cm1.x86_64.rpm systemd-bootstrap-debuginfo-239-40.cm1.x86_64.rpm systemd-bootstrap-devel-239-40.cm1.x86_64.rpm -systemd-debuginfo-239-43.cm1.x86_64.rpm -systemd-devel-239-43.cm1.x86_64.rpm -systemd-lang-239-43.cm1.x86_64.rpm +systemd-debuginfo-239-44.cm1.x86_64.rpm +systemd-devel-239-44.cm1.x86_64.rpm +systemd-lang-239-44.cm1.x86_64.rpm tar-1.32-2.cm1.x86_64.rpm tar-debuginfo-1.32-2.cm1.x86_64.rpm tdnf-2.1.0-7.cm1.x86_64.rpm From ec2b26e1daf78a1356970d597d047657ed9cb962 Mon Sep 17 00:00:00 2001 From: Henry Beberman Date: Thu, 6 Apr 2023 09:02:03 -0700 Subject: [PATCH 10/16] Patch cloud-hypervisor for vendored CVE-2023-28448 (#5237) --- SPECS/cloud-hypervisor/CVE-2023-28448.patch | 56 ++++++++++++++++++++ SPECS/cloud-hypervisor/cloud-hypervisor.spec | 7 ++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 SPECS/cloud-hypervisor/CVE-2023-28448.patch diff --git a/SPECS/cloud-hypervisor/CVE-2023-28448.patch b/SPECS/cloud-hypervisor/CVE-2023-28448.patch new file mode 100644 index 00000000000..0d8e7b6c6b7 --- /dev/null +++ b/SPECS/cloud-hypervisor/CVE-2023-28448.patch @@ -0,0 +1,56 @@ +diff -Naur a/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/src/primitives.rs b/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/src/primitives.rs +--- a/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/src/primitives.rs 2021-04-25 17:00:00.000000000 -0700 ++++ b/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/src/primitives.rs 2023-04-05 15:33:56.893718099 -0700 +@@ -367,6 +367,16 @@ + let entries: Vec<::Entry> = + Vec::deserialize(reader, version_map, app_version) + .map_err(|ref err| VersionizeError::Deserialize(format!("{:?}", err)))?; ++ if header.len() != entries.len() { ++ let msg = format!( ++ "Mismatch between length of FAM specified in FamStruct header ({}) \ ++ and actual size of FAM ({})", ++ header.len(), ++ entries.len() ++ ); ++ ++ return Err(VersionizeError::Deserialize(msg)); ++ } + // Construct the object from the array items. + // Header(T) fields will be initialized by Default trait impl. + let mut object = FamStructWrapper::from_entries(&entries) +diff -Naur a/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/tests/test.rs b/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/tests/test.rs +--- a/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/tests/test.rs 2021-04-25 17:00:00.000000000 -0700 ++++ b/.cargo/registry/src/github.com-1ecc6299db9ec823/versionize-0.1.6/tests/test.rs 2023-04-05 15:34:57.145737780 -0700 +@@ -1321,6 +1321,32 @@ + type Message2FamStructWrapper = FamStructWrapper; + + #[test] ++fn test_deserialize_famstructwrapper_invalid_len() { ++ let mut vm = VersionMap::new(); ++ vm.new_version() ++ .set_type_version(Message::type_id(), 2) ++ .new_version() ++ .set_type_version(Message::type_id(), 3) ++ .new_version() ++ .set_type_version(Message::type_id(), 4); ++ ++ // Create FamStructWrapper with len 2 ++ let state = MessageFamStructWrapper::new(0).unwrap(); ++ let mut buffer = [0; 256]; ++ ++ state.serialize(&mut buffer.as_mut_slice(), &vm, 2).unwrap(); ++ ++ // the `len` field of the header is the first serialized field. ++ // Let's corrupt it by making it bigger than the actual number of serialized elements ++ buffer[0] = 255; ++ ++ assert_eq!( ++ MessageFamStructWrapper::deserialize(&mut buffer.as_slice(), &vm, 2).unwrap_err(), ++ VersionizeError::Deserialize("Mismatch between length of FAM specified in FamStruct header (255) and actual size of FAM (0)".to_string()) ++ ); ++} ++ ++#[test] + fn test_versionize_famstructwrapper() { + let mut vm = VersionMap::new(); + vm.new_version() diff --git a/SPECS/cloud-hypervisor/cloud-hypervisor.spec b/SPECS/cloud-hypervisor/cloud-hypervisor.spec index b300edab2d7..0b39ccc1b54 100644 --- a/SPECS/cloud-hypervisor/cloud-hypervisor.spec +++ b/SPECS/cloud-hypervisor/cloud-hypervisor.spec @@ -1,7 +1,7 @@ Summary: A Rust-VMM based cloud hypervisor from Intel Name: cloud-hypervisor Version: 22.0 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 or BSD URL: https://github.com/cloud-hypervisor/cloud-hypervisor Group: Development/Tools @@ -12,6 +12,7 @@ Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # To update the cache run: # [repo_root]/toolkit/scripts/build_cargo_cache.sh %%{name}-%%{version}.tar.gz Source1: %{name}-%{version}-cargo.tar.gz +Patch0: CVE-2023-28448.patch ExclusiveArch: x86_64 BuildRequires: gcc @@ -28,6 +29,7 @@ A Rust-VMM based cloud hypervisor from Intel. mkdir -p $HOME pushd $HOME tar xf %{SOURCE1} --no-same-owner +%patch0 -p1 popd %setup -q @@ -49,6 +51,9 @@ install -d %{buildroot}%{_libdir}/cloud-hypervisor %exclude %{_libdir}/debug %changelog +* Wed Apr 05 2023 Henry Beberman - 22.0-2 +- Patch CVE-2023-28448 in vendored versionize crate + * Wed Mar 09 2022 Pawel Winogrodzki - 22.0-1 - Updating to version 22.0 to build with 'rust' 1.59.0. From 3cc941cdd189465193768f7e8ef83ab71c3b6298 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 6 Apr 2023 15:31:55 -0700 Subject: [PATCH 11/16] Fixing 'UNATTENDED_INSTALLER' argument. (#5239) --- toolkit/scripts/imggen.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk index f80aa619d8c..469a911f27a 100644 --- a/toolkit/scripts/imggen.mk +++ b/toolkit/scripts/imggen.mk @@ -186,7 +186,7 @@ iso: $(go-isomaker) $(go-liveinstaller) $(go-imager) $(depend_CONFIG_FILE) $(CON --iso-repo $(local_and_external_rpm_cache) \ --log-level=$(LOG_LEVEL) \ --log-file=$(LOGS_DIR)/imggen/isomaker.log \ - $(if $(UNATTENDED_INSTALLER),--unattended-install) \ + $(if $(filter y,$(UNATTENDED_INSTALLER)),--unattended-install) \ --output-dir $(artifact_dir) \ --image-tag=$(IMAGE_TAG) meta-user-data: $(meta_user_data_files) From b2c49f0718b86006ab069d9bd2e8e2fea5695603 Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Thu, 13 Apr 2023 11:35:03 +0530 Subject: [PATCH 12/16] Run go-fmt on toolkit (#5293) Signed-off-by: Muhammad Falak R Wani --- .../configuration/kernelcommandline.go | 6 ++--- .../imagegen/configuration/veritydisk.go | 22 +++++++++---------- .../imagegen/installutils/installutils.go | 6 +++-- .../internal/buildpipeline/buildpipeline.go | 14 ++++++------ .../repocloner/rpmrepocloner/rpmrepocloner.go | 14 ++++++------ toolkit/tools/internal/pkggraph/pkggraph.go | 6 ++--- .../tools/internal/pkggraph/pkggraph_test.go | 2 +- toolkit/tools/internal/pkgjson/pkgjson.go | 4 ++-- .../tools/internal/safechroot/safechroot.go | 17 +++++++------- 9 files changed, 47 insertions(+), 44 deletions(-) diff --git a/toolkit/tools/imagegen/configuration/kernelcommandline.go b/toolkit/tools/imagegen/configuration/kernelcommandline.go index ccfb62b3782..d17429a7d0f 100644 --- a/toolkit/tools/imagegen/configuration/kernelcommandline.go +++ b/toolkit/tools/imagegen/configuration/kernelcommandline.go @@ -13,9 +13,9 @@ import ( // KernelCommandLine holds extra command line parameters which can be // added to the grub config file. -// - ImaPolicy: A list of IMA policies which will be used together -// - ExtraCommandLine: Arbitrary parameters which will be appended to the -// end of the kernel command line +// - ImaPolicy: A list of IMA policies which will be used together +// - ExtraCommandLine: Arbitrary parameters which will be appended to the +// end of the kernel command line type KernelCommandLine struct { ImaPolicy []ImaPolicy `json:"ImaPolicy"` SELinux SELinux `json:"SELinux"` diff --git a/toolkit/tools/imagegen/configuration/veritydisk.go b/toolkit/tools/imagegen/configuration/veritydisk.go index 311e27967c1..4c99604c3ef 100644 --- a/toolkit/tools/imagegen/configuration/veritydisk.go +++ b/toolkit/tools/imagegen/configuration/veritydisk.go @@ -16,30 +16,30 @@ import ( // ReadOnlyVerityRoot controls DM-Verity read-only filesystems which will be mounted at startup // It will create a verity disk from the partition mounted at "/". The verity data is stored as // part of the image's initramfs. -// - Enable: Enable dm-verity on the root filesystem and add the root hash to the +// - Enable: Enable dm-verity on the root filesystem and add the root hash to the // initramfs -// - Name: Custom name for the mounted root (default is "verity_root_fs") -// - ErrorCorrectionEnable: Enable Reed-Solomon forward error correction of read-only data and +// - Name: Custom name for the mounted root (default is "verity_root_fs") +// - ErrorCorrectionEnable: Enable Reed-Solomon forward error correction of read-only data and // add the FEC data to the initramfs -// - ErrorCorrectionEncodingRoots: Increase overhead to increase resiliency, default is 2 +// - ErrorCorrectionEncodingRoots: Increase overhead to increase resiliency, default is 2 // encoding bytes per 255 bytes of real data) giving 0.8% overhead ( RS(255,253) ) // For a given N (where N = 255 - #Roots), the number of consecutive recoverable blocks is: -// ceiling(# of 4k blocks in disk / (N)) * (255-N) -// ie for 2GiB disk: ceiling(524288 / 253) * (255-253) = 2073 * 2 = 4146 blocks = ~16MiB -// - RootHashSignatureEnable: Validate the root hash against a key stored in the kernel's +// ceiling(# of 4k blocks in disk / (N)) * (255-N) +// ie for 2GiB disk: ceiling(524288 / 253) * (255-253) = 2073 * 2 = 4146 blocks = ~16MiB +// - RootHashSignatureEnable: Validate the root hash against a key stored in the kernel's // system keyring. The signature file should be called ".p7" and must be stored in // the initramfs. This signature WILL NOT BE included automatically in the initramfs. It must // be included via an out of band build step (extract initramfs, create signature from root, // add signature file, recompress). -// - ValidateOnBoot: Run a validation of the full disk at boot time, normally blocks are validated +// - ValidateOnBoot: Run a validation of the full disk at boot time, normally blocks are validated // only as needed. This can take several minutes if the disk is corrupted. -// - VerityErrorBehavior: System behavior when encountering an unrecoverable verity corruption. One +// - VerityErrorBehavior: System behavior when encountering an unrecoverable verity corruption. One // of 'ignore', 'restart', 'panic' -// - TmpfsOverlays: Mount these paths as writable overlays backed by a tmpfs in memory. They are +// - TmpfsOverlays: Mount these paths as writable overlays backed by a tmpfs in memory. They are // discarded on reboot. Overlays should not overlap each other. If a directory is not already // present it will be created automatically. Persistant overlays can be created by mounting // writable partitions as normal. -// - TmpfsOverlayDebugEnabled: Make the tmpfs overlay mounts easily accessible for debugging +// - TmpfsOverlayDebugEnabled: Make the tmpfs overlay mounts easily accessible for debugging // purposes. They can be found in /mnt/verity_overlay_debug_tmpfs type ReadOnlyVerityRoot struct { Enable bool `json:"Enable"` diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 37380ff2f7c..e063bd2f6c2 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go @@ -291,7 +291,9 @@ func umount(path string) (err error) { // PackageNamesFromSingleSystemConfig goes through the packageslist field in the systemconfig and extracts the list of packages // from each of the packagelists. // NOTE: the package list contains the versions restrictions for the packages, if present, in the form "[package][condition][version]". -// Example: gcc=9.1.0 +// +// Example: gcc=9.1.0 +// // - systemConfig is the systemconfig field from the config file // Since kernel is not part of the packagelist, it is added separately from KernelOptions. func PackageNamesFromSingleSystemConfig(systemConfig configuration.SystemConfig) (finalPkgList []string, err error) { @@ -2204,7 +2206,7 @@ func isRunningInHyperV() (isHyperV bool, err error) { return } -//KernelPackages returns a list of kernel packages obtained from KernelOptions in the config's SystemConfigs +// KernelPackages returns a list of kernel packages obtained from KernelOptions in the config's SystemConfigs func KernelPackages(config configuration.Config) []*pkgjson.PackageVer { var packageList []*pkgjson.PackageVer // Add all the provided kernels to the package list diff --git a/toolkit/tools/internal/buildpipeline/buildpipeline.go b/toolkit/tools/internal/buildpipeline/buildpipeline.go index b0f2a715c73..59430b40e9a 100644 --- a/toolkit/tools/internal/buildpipeline/buildpipeline.go +++ b/toolkit/tools/internal/buildpipeline/buildpipeline.go @@ -32,8 +32,8 @@ func IsRegularBuild() bool { } // GetChrootDir returns the chroot folder -// - proposeDir is suggested folder name -// in case of Docker based build a chroot dir is selected from the chroot pool and proposeDir is ignored +// - proposeDir is suggested folder name +// in case of Docker based build a chroot dir is selected from the chroot pool and proposeDir is ignored func GetChrootDir(proposedDir string) (chrootDir string, err error) { if IsRegularBuild() { // don't change proposed dir in case of regular build @@ -180,11 +180,11 @@ func GetRpmsDir(chrootDir string, proposedDir string) string { } // CleanupDockerChroot: Docker based only, clean chroot => -// 1) delete everything but the folders listed -// these folders are the ones mounted in docker run command (-v option) -// 2) create empty folders -// these folders are required by chroot (e.g.: /run) and needs to be created empty -// to not inherit anything from previous build +// 1. delete everything but the folders listed +// these folders are the ones mounted in docker run command (-v option) +// 2. create empty folders +// these folders are required by chroot (e.g.: /run) and needs to be created empty +// to not inherit anything from previous build func CleanupDockerChroot(chroot string) (err error) { var folderToKeep = []string{ "dev", diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go index 704671b541c..20c1ca387ea 100644 --- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go +++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go @@ -71,13 +71,13 @@ func New() *RpmRepoCloner { } // Initialize initializes rpmrepocloner, enabling Clone() to be called. -// - destinationDir is the directory to save RPMs -// - tmpDir is the directory to create a chroot -// - workerTar is the path to the worker tar used to seed the chroot -// - existingRpmsDir is the directory with prebuilt RPMs -// - useUpdateRepo if set, the upstream update repository will be used. -// - usePreviewRepo if set, the upstream preview repository will be used. -// - repoDefinitions is a list of repo files to use when cloning RPMs +// - destinationDir is the directory to save RPMs +// - tmpDir is the directory to create a chroot +// - workerTar is the path to the worker tar used to seed the chroot +// - existingRpmsDir is the directory with prebuilt RPMs +// - useUpdateRepo if set, the upstream update repository will be used. +// - usePreviewRepo if set, the upstream preview repository will be used. +// - repoDefinitions is a list of repo files to use when cloning RPMs func (r *RpmRepoCloner) Initialize(destinationDir, tmpDir, workerTar, existingRpmsDir string, useUpdateRepo, usePreviewRepo bool, repoDefinitions []string) (err error) { const ( isExistingDir = false diff --git a/toolkit/tools/internal/pkggraph/pkggraph.go b/toolkit/tools/internal/pkggraph/pkggraph.go index fcca757f1d5..cc791446e1e 100644 --- a/toolkit/tools/internal/pkggraph/pkggraph.go +++ b/toolkit/tools/internal/pkggraph/pkggraph.go @@ -81,13 +81,13 @@ func (n PkgNode) ID() int64 { return n.nodeID } -//PkgGraph implements a simple.DirectedGraph using pkggraph Nodes. +// PkgGraph implements a simple.DirectedGraph using pkggraph Nodes. type PkgGraph struct { *simple.DirectedGraph nodeLookup map[string][]*LookupNode } -//LookupNode represents a graph node for a package in the lookup list +// LookupNode represents a graph node for a package in the lookup list type LookupNode struct { RunNode *PkgNode // The "meta" run node for a package. Tracks the run-time dependencies for the package. Remote packages will only have a RunNode. BuildNode *PkgNode // The build node for a package. Tracks the build requirements for the package. May be nil for remote packages. @@ -133,7 +133,7 @@ func (n NodeType) String() string { } } -//DOTColor returns the graphviz color to set a node to +// DOTColor returns the graphviz color to set a node to func (n *PkgNode) DOTColor() string { switch n.State { case StateMeta: diff --git a/toolkit/tools/internal/pkggraph/pkggraph_test.go b/toolkit/tools/internal/pkggraph/pkggraph_test.go index 74e936d16e9..9f3e12d6c3b 100644 --- a/toolkit/tools/internal/pkggraph/pkggraph_test.go +++ b/toolkit/tools/internal/pkggraph/pkggraph_test.go @@ -20,8 +20,8 @@ import ( // The nodes listed will NOT be found in an actual graph, they are just representative copies which can be used for equality // testing and as a source to build real nodes from. -// // Full Test Graph: +// // A(v1): // -> D(v<1) // -> B(v2): diff --git a/toolkit/tools/internal/pkgjson/pkgjson.go b/toolkit/tools/internal/pkgjson/pkgjson.go index 0d02afa2fed..0582f40c3c1 100644 --- a/toolkit/tools/internal/pkgjson/pkgjson.go +++ b/toolkit/tools/internal/pkgjson/pkgjson.go @@ -179,8 +179,8 @@ func (pkgVer *PackageVer) String() string { // PackagesListEntryToPackageVer converts an entry from the packages list JSON into an instance of PackageVer. // The entries may contain only the name of the package or also include a single package version constraint. // Examples: -// - "gcc" -// - "gcc=9.1.0" +// - "gcc" +// - "gcc=9.1.0" func PackagesListEntryToPackageVer(packageString string) (pkgVer *PackageVer, err error) { matches := packageWithVersionRegex.FindStringSubmatch(packageString) if len(matches) != packageWithVersionExpectedMatches { diff --git a/toolkit/tools/internal/safechroot/safechroot.go b/toolkit/tools/internal/safechroot/safechroot.go index 12c57a9566a..97eeba716d9 100644 --- a/toolkit/tools/internal/safechroot/safechroot.go +++ b/toolkit/tools/internal/safechroot/safechroot.go @@ -62,9 +62,9 @@ type Chroot struct { // registerSIGTERMCleanup has been invoked. Use a slice instead of a map // to ensure chroots can be cleaned up in LIFO order incase any are interdependent. // Note: -// - Docker based build doesn't need to maintain activeChroots because chroot come from -// a pre-existing pool of chroots -// (as opposed to regular build which create a new chroot each time a spec is built) +// - Docker based build doesn't need to maintain activeChroots because chroot come from +// a pre-existing pool of chroots +// (as opposed to regular build which create a new chroot each time a spec is built) var ( inChrootMutex sync.Mutex activeChrootsMutex sync.Mutex @@ -145,11 +145,12 @@ func NewChroot(rootDir string, isExistingDir bool) *Chroot { } // Initialize initializes a Chroot, creating directories and mount points. -// - tarPath is an optional path to a tar file that will be extracted at the root of the chroot. -// - extraDirectories is an optional slice of additional directories that should be created before attempting to -// mount inside the chroot. -// - extraMountPoints is an optional slice of additional mount points that should be created inside the chroot, -// they will automatically be unmounted on a Chroot Close. +// - tarPath is an optional path to a tar file that will be extracted at the root of the chroot. +// - extraDirectories is an optional slice of additional directories that should be created before attempting to +// mount inside the chroot. +// - extraMountPoints is an optional slice of additional mount points that should be created inside the chroot, +// they will automatically be unmounted on a Chroot Close. +// // This call will block until the chroot initializes succesfully. // Only one Chroot will initialize at a given time. func (c *Chroot) Initialize(tarPath string, extraDirectories []string, extraMountPoints []*MountPoint) (err error) { From b9de7fb291c93b4d7a7bb57a5fa791a51972a50d Mon Sep 17 00:00:00 2001 From: Rohit Rawat Date: Thu, 13 Apr 2023 11:50:47 +0530 Subject: [PATCH 13/16] openssl: patch CVE-2023-0465 and CVE-2023-0466 (#5286) --- SPECS/openssl/CVE-2023-0465.patch | 54 ++++++++++++++ SPECS/openssl/CVE-2023-0466.patch | 74 +++++++++++++++++++ SPECS/openssl/openssl.spec | 9 ++- .../manifests/package/pkggen_core_aarch64.txt | 12 +-- .../manifests/package/pkggen_core_x86_64.txt | 12 +-- .../manifests/package/toolchain_aarch64.txt | 12 +-- .../manifests/package/toolchain_x86_64.txt | 12 +-- 7 files changed, 160 insertions(+), 25 deletions(-) create mode 100644 SPECS/openssl/CVE-2023-0465.patch create mode 100644 SPECS/openssl/CVE-2023-0466.patch diff --git a/SPECS/openssl/CVE-2023-0465.patch b/SPECS/openssl/CVE-2023-0465.patch new file mode 100644 index 00000000000..441e1d7be11 --- /dev/null +++ b/SPECS/openssl/CVE-2023-0465.patch @@ -0,0 +1,54 @@ +From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 7 Mar 2023 16:52:55 +0000 +Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf + certs + +Even though we check the leaf cert to confirm it is valid, we +later ignored the invalid flag and did not notice that the leaf +cert was bad. + +Fixes: CVE-2023-0465 + +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/20588) +--- + crypto/x509/x509_vfy.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 925fbb5412..1dfe4f9f31 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx) + } + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; ++ cbcalled = 1; + if (!verify_cb_cert(ctx, x, i, + X509_V_ERR_INVALID_POLICY_EXTENSION)) + return 0; + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { +-- +2.34.1 + diff --git a/SPECS/openssl/CVE-2023-0466.patch b/SPECS/openssl/CVE-2023-0466.patch new file mode 100644 index 00000000000..401cb6bb3d0 --- /dev/null +++ b/SPECS/openssl/CVE-2023-0466.patch @@ -0,0 +1,74 @@ +From 44310b1307b481298dce952741f2ff32be263cdc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 21 Mar 2023 16:15:47 +0100 +Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() + +--- + CHANGES | 5 +++++ + NEWS | 1 + + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- + 3 files changed, 13 insertions(+), 2 deletions(-) + +Backported by @rohitrawat from upstream on 2023-04-12 +Applies on 1.1.1k cleanly + +Signed-off-by: Rohit Rawat + +diff --git a/CHANGES b/CHANGES +index 7d0129e..276ab0e 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -9,6 +9,11 @@ + + Changes between 1.1.1j and 1.1.1k [25 Mar 2021] + ++ *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention ++ that it does not enable policy checking. Thanks to ++ David Benjamin for discovering this issue. (CVE-2023-0466) ++ [Tomas Mraz] ++ + *) Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks + of the certificates present in a certificate chain. It is not set by +diff --git a/NEWS b/NEWS +index 05991a0..771a149 100644 +--- a/NEWS ++++ b/NEWS +@@ -7,6 +7,7 @@ + + Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] + ++ o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) + o Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag (CVE-2021-3450) + o Fixed an issue where an OpenSSL TLS server may crash if sent a +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index f6f304b..aa292f9 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -92,8 +92,9 @@ B. + X509_VERIFY_PARAM_set_time() sets the verification time in B to + B. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B. Any existing +@@ -377,6 +378,10 @@ and has no effect. + + The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +-- +2.17.1 + diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index b676d601829..d7911798990 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -4,7 +4,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1k -Release: 14%{?dist} +Release: 15%{?dist} License: OpenSSL Vendor: Microsoft Corporation Distribution: Mariner @@ -53,6 +53,8 @@ Patch30: CVE-2022-4304.patch Patch31: CVE-2022-4450.patch Patch32: CVE-2023-0215.patch Patch33: CVE-2023-0464.patch +Patch34: CVE-2023-0465.patch +Patch35: CVE-2023-0466.patch BuildRequires: perl-Test-Warnings BuildRequires: perl-Text-Template Requires: %{name}-libs = %{version}-%{release} @@ -151,6 +153,8 @@ cp %{SOURCE4} test/ %patch31 -p1 %patch32 -p1 %patch33 -p1 +%patch34 -p1 +%patch35 -p1 %build # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be @@ -330,6 +334,9 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist %postun libs -p /sbin/ldconfig %changelog +* Wed Apr 12 2023 Rohit Rawat - 1.1.1k-15 +- Patch CVE-2023-0465 and CVE-2023-0466 + * Fri Mar 31 2023 Osama Esmail - 1.1.1k-14 - Adding patch for CVE-2023-0464 - 2 of the 3 patches for the CVE were for later versions diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index fe214f32a0e..eb135a44919 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.aarch64.rpm texinfo-6.5-7.cm1.aarch64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1k-14.cm1.aarch64.rpm -openssl-devel-1.1.1k-14.cm1.aarch64.rpm -openssl-libs-1.1.1k-14.cm1.aarch64.rpm -openssl-perl-1.1.1k-14.cm1.aarch64.rpm -openssl-static-1.1.1k-14.cm1.aarch64.rpm -openssl-debuginfo-1.1.1k-14.cm1.aarch64.rpm +openssl-1.1.1k-15.cm1.aarch64.rpm +openssl-devel-1.1.1k-15.cm1.aarch64.rpm +openssl-libs-1.1.1k-15.cm1.aarch64.rpm +openssl-perl-1.1.1k-15.cm1.aarch64.rpm +openssl-static-1.1.1k-15.cm1.aarch64.rpm +openssl-debuginfo-1.1.1k-15.cm1.aarch64.rpm libcap-2.26-2.cm1.aarch64.rpm libcap-devel-2.26-2.cm1.aarch64.rpm libcap-ng-0.7.9-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 92256e9cef4..5bc2e4be4b9 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -105,12 +105,12 @@ perl-5.30.3-1.cm1.x86_64.rpm texinfo-6.5-7.cm1.x86_64.rpm autoconf-2.69-10.cm1.noarch.rpm automake-1.16.1-3.cm1.noarch.rpm -openssl-1.1.1k-14.cm1.x86_64.rpm -openssl-devel-1.1.1k-14.cm1.x86_64.rpm -openssl-libs-1.1.1k-14.cm1.x86_64.rpm -openssl-perl-1.1.1k-14.cm1.x86_64.rpm -openssl-static-1.1.1k-14.cm1.x86_64.rpm -openssl-debuginfo-1.1.1k-14.cm1.x86_64.rpm +openssl-1.1.1k-15.cm1.x86_64.rpm +openssl-devel-1.1.1k-15.cm1.x86_64.rpm +openssl-libs-1.1.1k-15.cm1.x86_64.rpm +openssl-perl-1.1.1k-15.cm1.x86_64.rpm +openssl-static-1.1.1k-15.cm1.x86_64.rpm +openssl-debuginfo-1.1.1k-15.cm1.x86_64.rpm libcap-2.26-2.cm1.x86_64.rpm libcap-devel-2.26-2.cm1.x86_64.rpm libcap-ng-0.7.9-3.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 6d6159ef4e9..01b8847553e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -300,12 +300,12 @@ openjdk8-src-1.8.0.332-1.cm1.aarch64.rpm openjre8-1.8.0.332-1.cm1.aarch64.rpm openldap-2.4.57-3.cm1.aarch64.rpm openldap-debuginfo-2.4.57-3.cm1.aarch64.rpm -openssl-1.1.1k-14.cm1.aarch64.rpm -openssl-debuginfo-1.1.1k-14.cm1.aarch64.rpm -openssl-devel-1.1.1k-14.cm1.aarch64.rpm -openssl-libs-1.1.1k-14.cm1.aarch64.rpm -openssl-perl-1.1.1k-14.cm1.aarch64.rpm -openssl-static-1.1.1k-14.cm1.aarch64.rpm +openssl-1.1.1k-15.cm1.aarch64.rpm +openssl-debuginfo-1.1.1k-15.cm1.aarch64.rpm +openssl-devel-1.1.1k-15.cm1.aarch64.rpm +openssl-libs-1.1.1k-15.cm1.aarch64.rpm +openssl-perl-1.1.1k-15.cm1.aarch64.rpm +openssl-static-1.1.1k-15.cm1.aarch64.rpm p11-kit-0.23.22-1.cm1.aarch64.rpm p11-kit-debuginfo-0.23.22-1.cm1.aarch64.rpm p11-kit-devel-0.23.22-1.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f3660633c35..d3b195c8d82 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -300,12 +300,12 @@ openjdk8-src-1.8.0.332-1.cm1.x86_64.rpm openjre8-1.8.0.332-1.cm1.x86_64.rpm openldap-2.4.57-3.cm1.x86_64.rpm openldap-debuginfo-2.4.57-3.cm1.x86_64.rpm -openssl-1.1.1k-14.cm1.x86_64.rpm -openssl-debuginfo-1.1.1k-14.cm1.x86_64.rpm -openssl-devel-1.1.1k-14.cm1.x86_64.rpm -openssl-libs-1.1.1k-14.cm1.x86_64.rpm -openssl-perl-1.1.1k-14.cm1.x86_64.rpm -openssl-static-1.1.1k-14.cm1.x86_64.rpm +openssl-1.1.1k-15.cm1.x86_64.rpm +openssl-debuginfo-1.1.1k-15.cm1.x86_64.rpm +openssl-devel-1.1.1k-15.cm1.x86_64.rpm +openssl-libs-1.1.1k-15.cm1.x86_64.rpm +openssl-perl-1.1.1k-15.cm1.x86_64.rpm +openssl-static-1.1.1k-15.cm1.x86_64.rpm p11-kit-0.23.22-1.cm1.x86_64.rpm p11-kit-debuginfo-0.23.22-1.cm1.x86_64.rpm p11-kit-devel-0.23.22-1.cm1.x86_64.rpm From 5a386b1f21c19fb705798877fa0c94ce9fcaeeff Mon Sep 17 00:00:00 2001 From: Rohit Rawat Date: Thu, 13 Apr 2023 20:14:07 +0530 Subject: [PATCH 14/16] moby-runc: Upgrade to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809 (#5294) --- SPECS/moby-runc/generate-sources.sh | 4 ++-- SPECS/moby-runc/moby-runc.signatures.json | 4 ++-- SPECS/moby-runc/moby-runc.spec | 11 +++++++---- cgmanifest.json | 6 +++--- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/SPECS/moby-runc/generate-sources.sh b/SPECS/moby-runc/generate-sources.sh index 11872e80111..d86d84ed95e 100755 --- a/SPECS/moby-runc/generate-sources.sh +++ b/SPECS/moby-runc/generate-sources.sh @@ -5,8 +5,8 @@ # Git clone is a standard practice of producing source files for moby-* packages. RUNC_REPO=https://github.com/opencontainers/runc.git -RUNC_COMMIT=a916309fff0f838eb94e928713dbc3c0d0ac7aa4 -VERSION=v1.1.2 +RUNC_COMMIT=f19387a6bec4944c770f7668ab51c4348d9c2f38 +VERSION=v1.1.5 mkdir -p /build/runc-src cd /build/runc-src diff --git a/SPECS/moby-runc/moby-runc.signatures.json b/SPECS/moby-runc/moby-runc.signatures.json index 19f725aec7f..f11129cf1f0 100644 --- a/SPECS/moby-runc/moby-runc.signatures.json +++ b/SPECS/moby-runc/moby-runc.signatures.json @@ -5,8 +5,8 @@ "golang-crypto-c07d793c2f9aacf728fe68cbd7acd73adbd04159.tar.gz": "b7e8935189ea46c67eedafe6a97aefbdc2bf71dd9097fb7ee8a2a8ebc7556e7e", "golang-sys-b0526f3d87448f0401ea3f7f3a81aa9e6ab4804d.tar.gz": "23703a84893a1cb53d3efbb46143451431b95b78d29ef1e02132cd580bb3a445", "logrus-v1.8.1.tar.gz": "e9492c08ac8f202b438ccfb992bf81b7860739cf8f2266958e0c574c7abfdd74", - "runc-v1.1.2.tar.gz": "1a14bb492b562a6f7a27248e65a699790a6964923de64612e9bafc06124a30a2", + "runc-v1.1.5.tar.gz": "4bbc7703f4a5273e4b3d2c0ef233c784d116e92722e05fa11aa93ccf51aed4b9", "runtime-spec-v1.0.2.tar.gz": "0933a1ba6e418fe020993e80426107da8de3572f3f20b4cd1ef296de6e62bb61", "urfave-cli-v2.3.0.tar.gz": "b17376246f1477157daab86d4a1562d6b004f5be0d15dfc61ebd8bb129384e6b" } -} \ No newline at end of file +} diff --git a/SPECS/moby-runc/moby-runc.spec b/SPECS/moby-runc/moby-runc.spec index 8eadfc8821e..9de6c7d92b6 100644 --- a/SPECS/moby-runc/moby-runc.spec +++ b/SPECS/moby-runc/moby-runc.spec @@ -1,15 +1,15 @@ Summary: CLI tool for spawning and running containers per OCI spec. Name: moby-runc -Version: 1.1.2+azure -Release: 4%{?dist} +Version: 1.1.5+azure +Release: 1%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: Virtualization/Libraries URL: https://runc.io/ # See generate-sources.sh for creating runc source tarball -#Source0: https://github.com/opencontainers/runc/archive/refs/tags/v1.1.2.tar.gz -Source0: runc-v1.1.2.tar.gz +#Source0: https://github.com/opencontainers/runc/archive/refs/tags/v1.1.5.tar.gz +Source0: runc-v1.1.5.tar.gz #Source1: https://github.com/sirupsen/logrus/archive/v1.8.1.tar.gz Source1: logrus-v1.8.1.tar.gz #Source2: https://github.com/opencontainers/runtime-spec/archive/v1.0.2.tar.gz @@ -108,6 +108,9 @@ cp %{SOURCE7} %{buildroot}%{_docdir}/%{name}-%{version}/LICENSE %{_mandir}/*/* %changelog +* Thu Apr 13 2023 Rohit Rawat - 1.1.5+azure-1 +- Bump release to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809 + * Tue Dec 13 2022 Suresh Babu Chalamalasetty - 1.1.2+azure-4 - Bump release to rebuild with go 1.18.8-2 diff --git a/cgmanifest.json b/cgmanifest.json index b07f08ac2d0..3cf3e04d61f 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4326,8 +4326,8 @@ "type": "other", "other": { "name": "moby-runc", - "version": "1.1.2+azure", - "downloadUrl": "https://github.com/opencontainers/runc/archive/refs/tags/v1.1.2.tar.gz" + "version": "1.1.5+azure", + "downloadUrl": "https://github.com/opencontainers/runc/archive/refs/tags/v1.1.5.tar.gz" } } }, @@ -8993,4 +8993,4 @@ } ], "Version": 1 -} \ No newline at end of file +} From bfdfd2a71aff3acc5403ab76ff661926721935bd Mon Sep 17 00:00:00 2001 From: Minghe Ren Date: Thu, 13 Apr 2023 11:08:26 -0700 Subject: [PATCH 15/16] set disable_root=true (#5287) --- toolkit/imageconfigs/additionalconfigs/cloud-init.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/imageconfigs/additionalconfigs/cloud-init.cfg b/toolkit/imageconfigs/additionalconfigs/cloud-init.cfg index 531f338cc8c..805c568d5a8 100644 --- a/toolkit/imageconfigs/additionalconfigs/cloud-init.cfg +++ b/toolkit/imageconfigs/additionalconfigs/cloud-init.cfg @@ -11,7 +11,7 @@ users: # If this is set, 'root' will not be able to ssh in and they # will get a message to login instead as the above $user (ubuntu) -disable_root: false +disable_root: true #Vmware guest customization. disable_vmware_customization: true From e4109cf1fa28eb06b885eb8e260cc64f4c363797 Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Fri, 14 Apr 2023 00:13:26 -0700 Subject: [PATCH 16/16] Bump Mariner 1.0 release for April 2023 update (#5302) * mariner-release: bump to version 60 * update manifests --- SPECS/mariner-release/mariner-release.spec | 4 +++- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index c5c51da3854..2c7d3f9aad5 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 1.0 -Release: 59%{?dist} +Release: 60%{?dist} License: MIT Group: System Environment/Base URL: https://aka.ms/cbl-mariner @@ -67,6 +67,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /etc/issue.net %changelog +* Thu Apr 13 2023 Andrew Phelps - 1.0-60 +- Updating version for April update. * Wed Mar 29 2023 Jon Slobodzian - 1.0-59 - Updating version for March update2. * Mon Mar 06 2023 Jon Slobodzian - 1.0-58 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index eb135a44919..43040368c17 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.aarch64.rpm gettext-0.19.8.1-5.cm1.aarch64.rpm gzip-1.12-1.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm -mariner-release-1.0-59.cm1.noarch.rpm +mariner-release-1.0-60.cm1.noarch.rpm patch-2.7.6-7.cm1.aarch64.rpm util-linux-2.32.1-7.cm1.aarch64.rpm util-linux-devel-2.32.1-7.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 5bc2e4be4b9..6f107254d59 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -58,7 +58,7 @@ findutils-lang-4.6.0-8.cm1.x86_64.rpm gettext-0.19.8.1-5.cm1.x86_64.rpm gzip-1.12-1.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm -mariner-release-1.0-59.cm1.noarch.rpm +mariner-release-1.0-60.cm1.noarch.rpm patch-2.7.6-7.cm1.x86_64.rpm util-linux-2.32.1-7.cm1.x86_64.rpm util-linux-devel-2.32.1-7.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 01b8847553e..55721dbf8d9 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -259,7 +259,7 @@ m4-debuginfo-1.4.18-4.cm1.aarch64.rpm make-4.2.1-5.cm1.aarch64.rpm make-debuginfo-4.2.1-5.cm1.aarch64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-59.cm1.noarch.rpm +mariner-release-1.0-60.cm1.noarch.rpm mariner-repos-1.0-16.cm1.noarch.rpm mariner-repos-extras-1.0-16.cm1.noarch.rpm mariner-repos-extras-preview-1.0-16.cm1.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index d3b195c8d82..711f14fff67 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -259,7 +259,7 @@ m4-debuginfo-1.4.18-4.cm1.x86_64.rpm make-4.2.1-5.cm1.x86_64.rpm make-debuginfo-4.2.1-5.cm1.x86_64.rpm mariner-check-macros-1.0-8.cm1.noarch.rpm -mariner-release-1.0-59.cm1.noarch.rpm +mariner-release-1.0-60.cm1.noarch.rpm mariner-repos-1.0-16.cm1.noarch.rpm mariner-repos-extras-1.0-16.cm1.noarch.rpm mariner-repos-extras-preview-1.0-16.cm1.noarch.rpm