* [PATCH] ca-certificates: Remove TrustCor Systems root CAs
@ 2022-12-01 9:46 Peter Müller
2022-12-01 11:13 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2022-12-01 9:46 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 34016 bytes --]
On November 30, 2022, Mozilla decided to take the following
actions as a response to the concerns raised about the merits
of this root CA operator (excerpt taken from
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ):
> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME
> After Date" to November 30, 2022, for the 3 TrustCor root
> certificates (TrustCor RootCert CA-1, TrustCor ECA-1,
> TrustCor RootCert CA-2) that are currently included in
> Mozilla's root store.
>
> 2. Remove those root certificates from Mozilla's root store
> after the existing end-entity TLS certificates have expired.
As far as the latter is concerned, the offending certificates
have these expiry dates set:
- TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT
- TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT
- TrustCor ECA-1: Mon, 31 Dec 2029 17:28:07 GMT
The way IPFire 2 currently processes Mozilla's trust store
does not feature a way of incorporate a "Distrust for XYZ After
Date" attribute. This means that despite TrustCor Systems root
CAs are no longer trusted by browsers using Mozilla's trust
store, IPFire would still accept certificates directly or
indirectly issued by this CA until December 2029 or December 2034.
To protect IPFire users, this patch therefore suggests to
patch our copy of Mozilla's trust store in order to remove
TrustCor Systems' root CAs: The vast majority of HTTPS connections
established from an IPFire machine take place in a non-interactive
context, so there is no security benefit from a "Distrust After
Date" information. Instead, if we do not want IPFire installations
to trust this CA, we have no other option other than remove it
unilaterally from our copy of Mozilla's trust store.
See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
lfs/ca-certificates | 6 +-
...tes-Remove-TrustCor-Systems-root-CAs.patch | 520 ++++++++++++++++++
2 files changed, 525 insertions(+), 1 deletion(-)
create mode 100644 src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
diff --git a/lfs/ca-certificates b/lfs/ca-certificates
index b79f59cd1..70f9e0ea6 100644
--- a/lfs/ca-certificates
+++ b/lfs/ca-certificates
@@ -24,7 +24,7 @@
include Config
-VER = 20220917
+VER = 20221201
# From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
@@ -52,6 +52,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cp -av $(DIR_CONF)/$(THISAPP) $(DIR_APP)
+ # Remove TrustCor Systems root CAs (see mailing list thread:
+ # https://lists.ipfire.org/pipermail/development/2022-November/014681.html)
+ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
+
cd $(DIR_APP) && sh ./build.sh
-mkdir -pv /etc/ssl/certs
diff --git a/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
new file mode 100644
index 000000000..99498a41a
--- /dev/null
+++ b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
@@ -0,0 +1,520 @@
+--- certdata.txt 2022-12-01 10:23:58.186454756 +0100
++++ certdata.txt 2022-12-01 10:25:19.587297113 +0100
+@@ -15292,517 +15292,6 @@
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+ #
+-# Certificate "TrustCor RootCert CA-1"
+-#
+-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
+-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:16 2016
+-# Not Valid After : Mon Dec 31 17:23:16 2029
+-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
+-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
+-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
+-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+-CKA_SUBJECT MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\061
+-END
+-CKA_ID UTF8 "0"
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\011\000\332\233\354\161\363\003\260\031
+-END
+-CKA_VALUE MULTILINE_OCTAL
+-\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000
+-\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206
+-\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003
+-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
+-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
+-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
+-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
+-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
+-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
+-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
+-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060
+-\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162
+-\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036
+-\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027
+-\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201
+-\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017
+-\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061
+-\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141
+-\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033
+-\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163
+-\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006
+-\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103
+-\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+-\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124
+-\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164
+-\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
+-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+-\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063
+-\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173
+-\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235
+-\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034
+-\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265
+-\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325
+-\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044
+-\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264
+-\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236
+-\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220
+-\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330
+-\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225
+-\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132
+-\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020
+-\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326
+-\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334
+-\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060
+-\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077
+-\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037
+-\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172
+-\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060
+-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
+-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+-\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123
+-\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134
+-\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110
+-\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162
+-\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345
+-\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237
+-\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072
+-\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224
+-\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031
+-\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144
+-\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027
+-\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154
+-\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024
+-\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167
+-\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115
+-\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074
+-\132\171\054\031
+-END
+-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-
+-# Trust for "TrustCor RootCert CA-1"
+-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
+-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:16 2016
+-# Not Valid After : Mon Dec 31 17:23:16 2029
+-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
+-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
+-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
+-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+-\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072
+-\105\133\303\012
+-END
+-CKA_CERT_MD5_HASH MULTILINE_OCTAL
+-\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105
+-END
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\011\000\332\233\354\161\363\003\260\031
+-END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+-
+-#
+-# Certificate "TrustCor RootCert CA-2"
+-#
+-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:25:a1:df:ca:33:cb:59:02
+-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:23 2016
+-# Not Valid After : Sun Dec 31 17:26:39 2034
+-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
+-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
+-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
+-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+-CKA_SUBJECT MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\062
+-END
+-CKA_ID UTF8 "0"
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\062
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\010\045\241\337\312\063\313\131\002
+-END
+-CKA_VALUE MULTILINE_OCTAL
+-\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045
+-\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367
+-\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125
+-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
+-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
+-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
+-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
+-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
+-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
+-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
+-\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035
+-\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040
+-\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027
+-\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015
+-\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244
+-\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060
+-\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024
+-\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040
+-\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124
+-\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040
+-\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003
+-\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145
+-\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162
+-\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162
+-\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040
+-\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206
+-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+-\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166
+-\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325
+-\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076
+-\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150
+-\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323
+-\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052
+-\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212
+-\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264
+-\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351
+-\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261
+-\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106
+-\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312
+-\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166
+-\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010
+-\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136
+-\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351
+-\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202
+-\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205
+-\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176
+-\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233
+-\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074
+-\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061
+-\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050
+-\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114
+-\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340
+-\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205
+-\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167
+-\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136
+-\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025
+-\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141
+-\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112
+-\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340
+-\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035
+-\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236
+-\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006
+-\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224
+-\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017
+-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
+-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
+-\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000
+-\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227
+-\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033
+-\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372
+-\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376
+-\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264
+-\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111
+-\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313
+-\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015
+-\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212
+-\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127
+-\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117
+-\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070
+-\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032
+-\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074
+-\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020
+-\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326
+-\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021
+-\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301
+-\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273
+-\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376
+-\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206
+-\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367
+-\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264
+-\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367
+-\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301
+-\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027
+-\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222
+-\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051
+-\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101
+-\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226
+-\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156
+-\326\354\011
+-END
+-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-
+-# Trust for "TrustCor RootCert CA-2"
+-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:25:a1:df:ca:33:cb:59:02
+-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:23 2016
+-# Not Valid After : Sun Dec 31 17:26:39 2034
+-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
+-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
+-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
+-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+-\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307
+-\224\262\034\300
+-END
+-CKA_CERT_MD5_HASH MULTILINE_OCTAL
+-\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144
+-END
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
+-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
+-\162\164\040\103\101\055\062
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\010\045\241\337\312\063\313\131\002
+-END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+-
+-#
+-# Certificate "TrustCor ECA-1"
+-#
+-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
+-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:33 2016
+-# Not Valid After : Mon Dec 31 17:28:07 2029
+-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
+-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
+-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor ECA-1"
+-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+-CKA_SUBJECT MULTILINE_OCTAL
+-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
+-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
+-END
+-CKA_ID UTF8 "0"
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
+-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\011\000\204\202\054\137\034\142\320\100
+-END
+-CKA_VALUE MULTILINE_OCTAL
+-\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000
+-\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206
+-\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003
+-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
+-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
+-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
+-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
+-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
+-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
+-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
+-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060
+-\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162
+-\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064
+-\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061
+-\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125
+-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
+-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
+-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
+-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
+-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
+-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
+-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
+-\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025
+-\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040
+-\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
+-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+-\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333
+-\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137
+-\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001
+-\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200
+-\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372
+-\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015
+-\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071
+-\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271
+-\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037
+-\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256
+-\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061
+-\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075
+-\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177
+-\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221
+-\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354
+-\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105
+-\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060
+-\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155
+-\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037
+-\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314
+-\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060
+-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
+-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+-\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157
+-\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203
+-\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223
+-\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366
+-\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231
+-\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260
+-\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105
+-\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312
+-\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154
+-\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164
+-\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350
+-\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252
+-\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110
+-\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140
+-\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133
+-\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242
+-\264\237\327\346
+-END
+-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-
+-# Trust for "TrustCor ECA-1"
+-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
+-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
+-# Not Valid Before: Thu Feb 04 12:32:33 2016
+-# Not Valid After : Mon Dec 31 17:28:07 2029
+-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
+-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
+-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TrustCor ECA-1"
+-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+-\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204
+-\013\310\170\275
+-END
+-CKA_CERT_MD5_HASH MULTILINE_OCTAL
+-\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154
+-END
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
+-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
+-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
+-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
+-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
+-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
+-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
+-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
+-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\011\000\204\202\054\137\034\142\320\100
+-END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+-
+-#
+ # Certificate "SSL.com Root Certification Authority RSA"
+ #
+ # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] ca-certificates: Remove TrustCor Systems root CAs
2022-12-01 9:46 [PATCH] ca-certificates: Remove TrustCor Systems root CAs Peter Müller
@ 2022-12-01 11:13 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2022-12-01 11:13 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 35323 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 1 Dec 2022, at 09:46, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> On November 30, 2022, Mozilla decided to take the following
> actions as a response to the concerns raised about the merits
> of this root CA operator (excerpt taken from
> https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ):
>
>> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME
>> After Date" to November 30, 2022, for the 3 TrustCor root
>> certificates (TrustCor RootCert CA-1, TrustCor ECA-1,
>> TrustCor RootCert CA-2) that are currently included in
>> Mozilla's root store.
>>
>> 2. Remove those root certificates from Mozilla's root store
>> after the existing end-entity TLS certificates have expired.
>
> As far as the latter is concerned, the offending certificates
> have these expiry dates set:
> - TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT
> - TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT
> - TrustCor ECA-1: Mon, 31 Dec 2029 17:28:07 GMT
>
> The way IPFire 2 currently processes Mozilla's trust store
> does not feature a way of incorporate a "Distrust for XYZ After
> Date" attribute. This means that despite TrustCor Systems root
> CAs are no longer trusted by browsers using Mozilla's trust
> store, IPFire would still accept certificates directly or
> indirectly issued by this CA until December 2029 or December 2034.
>
> To protect IPFire users, this patch therefore suggests to
> patch our copy of Mozilla's trust store in order to remove
> TrustCor Systems' root CAs: The vast majority of HTTPS connections
> established from an IPFire machine take place in a non-interactive
> context, so there is no security benefit from a "Distrust After
> Date" information. Instead, if we do not want IPFire installations
> to trust this CA, we have no other option other than remove it
> unilaterally from our copy of Mozilla's trust store.
>
> See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> lfs/ca-certificates | 6 +-
> ...tes-Remove-TrustCor-Systems-root-CAs.patch | 520 ++++++++++++++++++
> 2 files changed, 525 insertions(+), 1 deletion(-)
> create mode 100644 src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
>
> diff --git a/lfs/ca-certificates b/lfs/ca-certificates
> index b79f59cd1..70f9e0ea6 100644
> --- a/lfs/ca-certificates
> +++ b/lfs/ca-certificates
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 20220917
> +VER = 20221201
>
> # From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
>
> @@ -52,6 +52,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cp -av $(DIR_CONF)/$(THISAPP) $(DIR_APP)
>
> + # Remove TrustCor Systems root CAs (see mailing list thread:
> + # https://lists.ipfire.org/pipermail/development/2022-November/014681.html)
> + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> +
> cd $(DIR_APP) && sh ./build.sh
>
> -mkdir -pv /etc/ssl/certs
> diff --git a/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> new file mode 100644
> index 000000000..99498a41a
> --- /dev/null
> +++ b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> @@ -0,0 +1,520 @@
> +--- certdata.txt 2022-12-01 10:23:58.186454756 +0100
> ++++ certdata.txt 2022-12-01 10:25:19.587297113 +0100
> +@@ -15292,517 +15292,6 @@
> + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +
> + #
> +-# Certificate "TrustCor RootCert CA-1"
> +-#
> +-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
> +-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:16 2016
> +-# Not Valid After : Mon Dec 31 17:23:16 2029
> +-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
> +-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\332\233\354\161\363\003\260\031
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000
> +-\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206
> +-\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003
> +-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
> +-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
> +-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
> +-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
> +-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
> +-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
> +-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
> +-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060
> +-\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162
> +-\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036
> +-\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027
> +-\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201
> +-\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017
> +-\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061
> +-\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141
> +-\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033
> +-\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163
> +-\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006
> +-\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103
> +-\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
> +-\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124
> +-\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164
> +-\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
> +-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
> +-\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063
> +-\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173
> +-\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235
> +-\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034
> +-\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265
> +-\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325
> +-\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044
> +-\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264
> +-\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236
> +-\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220
> +-\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330
> +-\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225
> +-\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132
> +-\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020
> +-\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326
> +-\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334
> +-\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060
> +-\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077
> +-\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037
> +-\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172
> +-\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060
> +-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
> +-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
> +-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
> +-\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123
> +-\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134
> +-\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110
> +-\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162
> +-\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345
> +-\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237
> +-\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072
> +-\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224
> +-\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031
> +-\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144
> +-\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027
> +-\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154
> +-\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024
> +-\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167
> +-\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115
> +-\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074
> +-\132\171\054\031
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor RootCert CA-1"
> +-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
> +-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:16 2016
> +-# Not Valid After : Mon Dec 31 17:23:16 2029
> +-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
> +-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072
> +-\105\133\303\012
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\332\233\354\161\363\003\260\031
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> +-# Certificate "TrustCor RootCert CA-2"
> +-#
> +-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:25:a1:df:ca:33:cb:59:02
> +-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:23 2016
> +-# Not Valid After : Sun Dec 31 17:26:39 2034
> +-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
> +-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\010\045\241\337\312\063\313\131\002
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045
> +-\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367
> +-\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125
> +-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
> +-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
> +-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
> +-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
> +-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
> +-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
> +-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
> +-\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035
> +-\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040
> +-\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027
> +-\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015
> +-\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244
> +-\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060
> +-\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024
> +-\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040
> +-\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124
> +-\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040
> +-\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003
> +-\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145
> +-\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162
> +-\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162
> +-\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040
> +-\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206
> +-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
> +-\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166
> +-\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325
> +-\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076
> +-\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150
> +-\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323
> +-\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052
> +-\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212
> +-\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264
> +-\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351
> +-\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261
> +-\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106
> +-\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312
> +-\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166
> +-\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010
> +-\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136
> +-\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351
> +-\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202
> +-\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205
> +-\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176
> +-\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233
> +-\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074
> +-\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061
> +-\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050
> +-\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114
> +-\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340
> +-\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205
> +-\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167
> +-\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136
> +-\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025
> +-\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141
> +-\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112
> +-\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340
> +-\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035
> +-\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236
> +-\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006
> +-\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224
> +-\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017
> +-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
> +-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
> +-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
> +-\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000
> +-\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227
> +-\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033
> +-\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372
> +-\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376
> +-\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264
> +-\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111
> +-\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313
> +-\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015
> +-\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212
> +-\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127
> +-\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117
> +-\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070
> +-\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032
> +-\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074
> +-\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020
> +-\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326
> +-\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021
> +-\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301
> +-\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273
> +-\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376
> +-\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206
> +-\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367
> +-\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264
> +-\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367
> +-\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301
> +-\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027
> +-\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222
> +-\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051
> +-\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101
> +-\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226
> +-\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156
> +-\326\354\011
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor RootCert CA-2"
> +-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:25:a1:df:ca:33:cb:59:02
> +-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:23 2016
> +-# Not Valid After : Sun Dec 31 17:26:39 2034
> +-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
> +-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307
> +-\224\262\034\300
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\010\045\241\337\312\063\313\131\002
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> +-# Certificate "TrustCor ECA-1"
> +-#
> +-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
> +-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:33 2016
> +-# Not Valid After : Mon Dec 31 17:28:07 2029
> +-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
> +-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor ECA-1"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\204\202\054\137\034\142\320\100
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000
> +-\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206
> +-\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003
> +-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
> +-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
> +-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
> +-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
> +-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
> +-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
> +-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
> +-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060
> +-\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162
> +-\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064
> +-\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061
> +-\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125
> +-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
> +-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
> +-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
> +-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
> +-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
> +-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
> +-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
> +-\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025
> +-\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040
> +-\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
> +-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
> +-\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333
> +-\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137
> +-\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001
> +-\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200
> +-\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372
> +-\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015
> +-\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071
> +-\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271
> +-\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037
> +-\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256
> +-\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061
> +-\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075
> +-\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177
> +-\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221
> +-\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354
> +-\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105
> +-\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060
> +-\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155
> +-\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037
> +-\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314
> +-\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060
> +-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
> +-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
> +-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
> +-\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157
> +-\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203
> +-\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223
> +-\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366
> +-\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231
> +-\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260
> +-\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105
> +-\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312
> +-\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154
> +-\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164
> +-\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350
> +-\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252
> +-\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110
> +-\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140
> +-\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133
> +-\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242
> +-\264\237\327\346
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor ECA-1"
> +-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
> +-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:33 2016
> +-# Not Valid After : Mon Dec 31 17:28:07 2029
> +-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
> +-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor ECA-1"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204
> +-\013\310\170\275
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\204\202\054\137\034\142\320\100
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> + # Certificate "SSL.com Root Certification Authority RSA"
> + #
> + # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
> --
> 2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-01 11:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-01 9:46 [PATCH] ca-certificates: Remove TrustCor Systems root CAs Peter Müller
2022-12-01 11:13 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox