Development February 2024

development@lists.ipfire.org

9 participants
37 discussions

[PATCH 1/2] ovpnmain.cgi: Fixes bug#13404 - prevents certs being saved if common name is already used
by Adolf Belka 26 Feb '24

26 Feb '24

- This was fixed by moving the code for checking if the common name is already used, to the same location as the code for checking if the connection name is already used. - Tested out on vm testbed and confirmed that the certificates are not created and the index.txt not updated if the common name is flagged as already being used. If the entry is changed to use a new CN and Save pressed then the certs are saved and the index.txt updated. If Cancel is pressed then no certs are saved and index.txt is not updated. Fixes: Bug#13404 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- html/cgi-bin/ovpnmain.cgi | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index eb89c5095..98900b277 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4216,15 +4216,25 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - # Check for RW if client name is already set - if ($cgiparams{'TYPE'} eq 'host') { - foreach my $key (keys %confighash) { - if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { - $errormessage = $Lang::tr{'a connection with this name already exists'}; - goto VPNCONF_ERROR; - } - } - } + # Check for RW if client name is already set + if ($cgiparams{'TYPE'} eq 'host') { + foreach my $key (keys %confighash) { + if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto VPNCONF_ERROR; + } + } + } + + # Check if there is no other entry with this common name + if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { + foreach my $key (keys %confighash) { + if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { + $errormessage = $Lang::tr{'a connection with this common name already exists'}; + goto VPNCONF_ERROR; + } + } + } # Replace empty strings with a . (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./; @@ -4309,16 +4319,6 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; } - # Check if there is no other entry with this common name - if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) { - foreach my $key (keys %confighash) { - if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) { - $errormessage = $Lang::tr{'a connection with this common name already exists'}; - goto VPNCONF_ERROR; - } - } - } - # Save the config my $key = $cgiparams{'KEY'}; -- 2.44.0

1 1

[PATCH] Core Update 185: Ship elfutils
by Adolf Belka 26 Feb '24

26 Feb '24

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/rootfiles/core/185/filelists/elfutils | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/185/filelists/elfutils diff --git a/config/rootfiles/core/185/filelists/elfutils b/config/rootfiles/core/185/filelists/elfutils new file mode 120000 index 000000000..8367974bb --- /dev/null +++ b/config/rootfiles/core/185/filelists/elfutils @@ -0,0 +1 @@ +../../../common/elfutils \ No newline at end of file -- 2.44.0

1 0

[PATCH v2] dhcp.cgi: Fixes bug#11774 - allows dhcp option of array of integer 8
by Adolf Belka 24 Feb '24

24 Feb '24

- This v2 version is to correct the bug number. I entered a wronn bug number in the first version - This extends the allowed options from just array of ip-address to also include integer 8 or integer 16 or integer 32. - Tested out on vm testbed. The array of integer 8 (or 16 or 32) is acceptewd by the dhcp options section. I am not able to test out that the function actually works as I don't have any dhcp situation set up to use that capability. - Records or array of records is still not included. It was only an expansion of the array of section to include integers. Fixes: bug#11774 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- html/cgi-bin/dhcp.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index c079fe1ae..be00f199a 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -48,7 +48,7 @@ my @nosaved=(); my %color = (); #Basic syntax allowed for new Option definition. Not implemented: RECORDS & array of RECORDS -our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of ip-address'; +our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of (ip-address|integer (8|16|32))'; &Header::showhttpheaders(); our @ITFs=('GREEN'); -- 2.44.0

1 0

[PATCH] dhcp.cgi: Fixes bug#12070 - allows dhcp option of array of integer 8
by Adolf Belka 24 Feb '24

24 Feb '24

- This extends the allowed options from just array of ip-address to also include integer 8 or integer 16 or integer 32. - Tested out on vm testbed. The array of integer 8 (or 16 or 32) is acceptewd by the dhcp options section. I am not able to test out that the function actually works as I don't have any dhcp situation set up to use that capability. - Records or array of records is still not included. It was only an expansion of the array of section to include integers. Fixes: bug#12070 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- html/cgi-bin/dhcp.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index c079fe1ae..be00f199a 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -48,7 +48,7 @@ my @nosaved=(); my %color = (); #Basic syntax allowed for new Option definition. Not implemented: RECORDS & array of RECORDS -our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of ip-address'; +our $OptionTypes = 'boolean|((un)?signed )?integer (8|16|32)|ip-address|text|string|encapsulate \w+|array of (ip-address|integer (8|16|32))'; &Header::showhttpheaders(); our @ITFs=('GREEN'); -- 2.44.0

1 0

[PATCH 1/2] ovpnmain.cgi: Fixes bug#13548 - imported N2N client connections get disabled instead of no-pass
by Adolf Belka 22 Feb '24

22 Feb '24

- When bug#11408 was fixed it was missed that key 41 has disabled inserted into it when uploading into the N2N client. This replaced the no-pass entry for all N2N connections resulting in the ovpnmain.cgi not being able to show the status correctly as the code looks for pass or no-pass. - The disabled entry has been present for a very long time and is not utilised anywhere in the code. - This fix ensures that key 41 in the uploaded N2N connection has no-pass entered - Tested out and confirmed in my vm testbed. Fixes: Bug#13548 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- html/cgi-bin/ovpnmain.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index eb89c5095..b773bc4b7 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3472,7 +3472,7 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[31] = $n2ntunmtu[1]; $confighash{$key}[39] = $n2nauth[1]; $confighash{$key}[40] = $n2ncipher[1]; - $confighash{$key}[41] = 'disabled'; + $confighash{$key}[41] = 'no-pass'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); -- 2.43.2

1 1

[PATCH] ovpn.cnf: Removal of SKID & AKID from server section - Fixes Bug#13595
by Adolf Belka 19 Feb '24

19 Feb '24

- The update to openssl-3.2.x introduced a bug fix which now gives an error if the subjectKeyIdentifier (SKID) or authorityKeyIdentifier (AKID) is in the x509 extensions for a CSR. - See the following discssion in the openssl github issues https://github.com/openssl/openssl/issues/22966#issuecomment-1858396738 - The SKID & AKID should never have been specified in the CSR but due to a bug they were never flagged with an error, just ignored. Since the bug fix for that bug was put into OpenSSL-3.2.0 the prescence of the SKID & AKID in the CSR causes an error to be flagged. - The consequence of this is that in CU183 trying to create a new x509 root/host certificate gives an error when the CSR is generated so only the root certificate is created and not the host certificate. - Tested out the removal of the SKID & AKID lines from the [ server ] section of the ovpn.cnf file and the root/host certificate set was created without any issue. - Then tested the creation of a RW client connection and that worked with no problems. Also creating a fresh N2N connection worked without any problems. - Also tested restoring from an earlier backup. The RW and N2N connections worked without issues with the AKID and SKID missing from the [ server ] section. - It would be good if this could be merged into CU184 for final testing. Fixes: Bug#13595 Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/ovpn/openssl/ovpn.cnf | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf index 96c3dcb09..bfa7ad744 100644 --- a/config/ovpn/openssl/ovpn.cnf +++ b/config/ovpn/openssl/ovpn.cnf @@ -79,13 +79,10 @@ extendedKeyUsage = clientAuth keyUsage = digitalSignature [ server ] - # JY ADDED -- Make a cert with nsCertType set to "server" basicConstraints = CA:FALSE nsCertType = server nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always extendedKeyUsage = serverAuth keyUsage = digitalSignature, keyEncipherment -- 2.43.2

1 0

[PATCH] ca-certificates: Update root CA certificates bundle
by Peter Müller 17 Feb '24

17 Feb '24

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- config/ca-certificates/certdata.txt | 1008 +++++++++++++++++++++++---- lfs/ca-certificates | 4 +- 2 files changed, 877 insertions(+), 135 deletions(-) diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 59cc15df6..ed5e6cb17 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt @@ -1294,138 +1294,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Security Communication Root CA" -# -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\132\060\202\002\102\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061\030 -\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040\124 -\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125\004 -\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155\155 -\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103\101 -\061\060\036\027\015\060\063\060\071\063\060\060\064\062\060\064 -\071\132\027\015\062\063\060\071\063\060\060\064\062\060\064\071 -\132\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120 -\061\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115 -\040\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003 -\125\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157 -\155\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164 -\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\263\263\376\177\323\155\261\357\026\174\127\245 -\014\155\166\212\057\113\277\144\373\114\356\212\360\363\051\174 -\365\377\356\052\340\351\351\272\133\144\042\232\232\157\054\072 -\046\151\121\005\231\046\334\325\034\152\161\306\232\175\036\235 -\335\174\154\306\214\147\147\112\076\370\161\260\031\047\251\011 -\014\246\225\277\113\214\014\372\125\230\073\330\350\042\241\113 -\161\070\171\254\227\222\151\263\211\176\352\041\150\006\230\024 -\226\207\322\141\066\274\155\047\126\236\127\356\300\300\126\375 -\062\317\244\331\216\302\043\327\215\250\363\330\045\254\227\344 -\160\070\364\266\072\264\235\073\227\046\103\243\241\274\111\131 -\162\114\043\060\207\001\130\366\116\276\034\150\126\146\257\315 -\101\135\310\263\115\052\125\106\253\037\332\036\342\100\075\333 -\315\175\271\222\200\234\067\335\014\226\144\235\334\042\367\144 -\213\337\141\336\025\224\122\025\240\175\122\311\113\250\041\311 -\306\261\355\313\303\225\140\321\017\360\253\160\370\337\313\115 -\176\354\326\372\253\331\275\177\124\362\245\351\171\372\331\326 -\166\044\050\163\002\003\001\000\001\243\077\060\075\060\035\006 -\003\125\035\016\004\026\004\024\240\163\111\231\150\334\205\133 -\145\343\233\050\057\127\237\275\063\274\007\110\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\150\100 -\251\250\273\344\117\135\171\263\005\265\027\263\140\023\353\306 -\222\135\340\321\323\152\376\373\276\233\155\277\307\005\155\131 -\040\304\034\360\267\332\204\130\002\143\372\110\026\357\117\245 -\013\367\112\230\362\077\236\033\255\107\153\143\316\010\107\353 -\122\077\170\234\257\115\256\370\325\117\317\232\230\052\020\101 -\071\122\304\335\331\233\016\357\223\001\256\262\056\312\150\102 -\044\102\154\260\263\072\076\315\351\332\110\304\025\313\351\371 -\007\017\222\120\111\212\335\061\227\137\311\351\067\252\073\131 -\145\227\224\062\311\263\237\076\072\142\130\305\111\255\142\016 -\161\245\062\252\057\306\211\166\103\100\023\023\147\075\242\124 -\045\020\313\361\072\362\331\372\333\111\126\273\246\376\247\101 -\065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260 -\112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055 -\105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003 -\214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026 -\057\317\246\356\311\160\042\024\275\375\276\154\013\003 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Security Communication Root CA" -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (SHA-256): E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217 -\135\254\262\367 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\361\274\143\152\124\340\265\047\365\315\347\032\343\115\156\112 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "XRamp Global CA Root" # @@ -13758,7 +13626,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \072\352 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -24617,3 +24485,877 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "D-Trust SBR Root CA 1 2022" +# +# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95 +# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Wed Jul 06 11:30:00 2022 +# Not Valid After : Mon Jul 06 11:29:59 2037 +# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2 +# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011 +\214\225 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\136\060\202\001\343\240\003\002\001\002\002\020\122 +\317\344\214\155\240\112\367\077\202\227\014\200\011\214\225\060 +\012\006\010\052\206\110\316\075\004\003\003\060\111\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\025\060\023\006\003 +\125\004\012\023\014\104\055\124\162\165\163\164\040\107\155\142 +\110\061\043\060\041\006\003\125\004\003\023\032\104\055\124\162 +\165\163\164\040\123\102\122\040\122\157\157\164\040\103\101\040 +\061\040\062\060\062\062\060\036\027\015\062\062\060\067\060\066 +\061\061\063\060\060\060\132\027\015\063\067\060\067\060\066\061 +\061\062\071\065\071\132\060\111\061\013\060\011\006\003\125\004 +\006\023\002\104\105\061\025\060\023\006\003\125\004\012\023\014 +\104\055\124\162\165\163\164\040\107\155\142\110\061\043\060\041 +\006\003\125\004\003\023\032\104\055\124\162\165\163\164\040\123 +\102\122\040\122\157\157\164\040\103\101\040\061\040\062\060\062 +\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 +\053\201\004\000\042\003\142\000\004\131\223\071\366\214\111\146 +\050\327\141\014\310\253\177\014\243\055\337\242\244\174\222\053 +\150\325\056\176\036\100\313\264\150\111\177\022\241\253\177\127 +\237\031\056\143\056\133\376\146\161\014\063\017\271\336\153\304 +\210\303\261\357\354\071\100\343\226\253\333\345\173\256\037\334 +\371\257\106\232\152\106\006\057\307\067\144\213\027\142\376\226 +\303\242\356\204\340\260\227\071\274\243\201\217\060\201\214\060 +\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 +\060\035\006\003\125\035\016\004\026\004\024\361\051\243\036\001 +\022\035\075\165\126\115\307\120\174\305\031\252\017\030\267\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240\073 +\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055\164 +\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164 +\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143\141 +\137\061\137\062\060\062\062\056\143\162\154\060\012\006\010\052 +\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\227 +\371\336\256\113\217\230\265\036\100\177\062\175\115\124\103\332 +\211\315\302\252\222\074\321\202\036\163\317\372\114\222\040\373 +\143\047\305\365\163\075\011\075\367\247\141\206\214\363\152\002 +\061\000\347\057\174\270\365\045\214\073\071\037\066\253\215\365 +\206\242\056\341\172\144\332\147\071\002\376\376\063\077\331\163 +\266\130\133\072\374\262\244\331\140\170\167\314\171\247\246\256 +\125\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "D-Trust SBR Root CA 1 2022" +# Issuer: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Serial Number:52:cf:e4:8c:6d:a0:4a:f7:3f:82:97:0c:80:09:8c:95 +# Subject: CN=D-Trust SBR Root CA 1 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Wed Jul 06 11:30:00 2022 +# Not Valid After : Mon Jul 06 11:29:59 2037 +# Fingerprint (SHA-256): D9:2C:17:1F:5C:F8:90:BA:42:80:19:29:29:27:FE:22:F3:20:7F:D2:B5:44:49:CB:6F:67:5A:F4:92:21:46:E2 +# Fingerprint (SHA1): 0F:52:3A:6B:4E:7D:1D:18:05:A5:48:F9:4D:CD:E4:C3:1E:1B:E9:E6 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 1 2022" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\017\122\072\153\116\175\035\030\005\245\110\371\115\315\344\303 +\036\033\351\346 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\074\033\202\352\156\352\355\144\142\351\132\171\005\151\004 +END +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\061\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\122\317\344\214\155\240\112\367\077\202\227\014\200\011 +\214\225 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "D-Trust SBR Root CA 2 2022" +# +# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba +# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Thu Jul 07 07:30:00 2022 +# Not Valid After : Tue Jul 07 07:29:59 2037 +# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC +# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041 +\112\272 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\254\060\202\003\224\240\003\002\001\002\002\020\124 +\325\243\225\036\075\225\272\162\033\232\320\061\041\112\272\060 +\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\111 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060 +\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040 +\107\155\142\110\061\043\060\041\006\003\125\004\003\023\032\104 +\055\124\162\165\163\164\040\123\102\122\040\122\157\157\164\040 +\103\101\040\062\040\062\060\062\062\060\036\027\015\062\062\060 +\067\060\067\060\067\063\060\060\060\132\027\015\063\067\060\067 +\060\067\060\067\062\071\065\071\132\060\111\061\013\060\011\006 +\003\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004 +\012\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061 +\043\060\041\006\003\125\004\003\023\032\104\055\124\162\165\163 +\164\040\123\102\122\040\122\157\157\164\040\103\101\040\062\040 +\062\060\062\062\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\257\054\274\216\066\214\353\144\257\121\152 +\326\156\074\136\221\072\352\232\303\312\154\373\252\047\236\144 +\042\251\100\337\271\050\105\132\354\123\141\026\050\230\302\212 +\244\165\170\120\204\335\372\040\110\222\007\145\101\065\146\121 +\022\164\141\235\007\006\205\071\061\127\173\050\077\325\234\245 +\354\132\351\034\113\047\237\316\047\006\363\067\365\122\330\021 +\063\026\101\072\037\365\143\170\145\143\206\311\277\310\001\004 +\037\156\356\342\354\254\014\356\202\222\342\366\032\015\077\071 +\371\235\145\223\255\370\271\005\301\075\370\067\201\126\303\240 +\376\005\354\340\224\026\072\043\026\004\332\246\012\223\205\162 +\155\141\073\241\215\105\326\343\177\276\025\275\066\204\010\366 +\013\203\153\046\252\242\275\340\260\347\252\340\256\147\304\323 +\202\245\014\251\244\360\063\171\015\120\077\360\357\220\075\044 +\271\177\322\040\154\352\227\363\277\234\334\107\336\011\141\275 +\224\171\225\132\002\166\065\140\304\107\042\015\367\166\143\003 +\323\306\373\203\306\135\253\255\355\151\045\053\003\133\115\045 +\000\101\343\214\207\027\122\250\340\005\053\103\115\024\023\312 +\347\077\103\042\274\067\244\165\361\366\277\072\357\062\036\256 +\356\130\206\220\162\272\004\254\100\110\357\134\304\170\247\251 +\217\047\132\313\172\354\130\362\302\010\130\220\155\115\003\205 +\171\161\025\005\016\116\076\371\337\017\005\367\137\024\110\126 +\041\015\063\222\261\254\214\345\030\376\277\017\356\340\004\252 +\275\041\362\130\266\134\211\012\213\030\011\042\032\263\065\306 +\146\302\365\063\025\231\200\340\010\371\226\057\023\214\356\332 +\267\210\304\351\067\265\327\152\327\072\204\115\253\160\214\323 +\116\024\125\240\242\020\374\144\332\147\350\361\313\063\335\311 +\232\212\217\226\057\130\201\331\370\232\000\103\314\220\373\125 +\166\373\206\343\067\001\050\014\157\364\351\131\115\025\167\121 +\102\112\314\064\270\200\103\120\201\357\127\245\023\333\247\224 +\171\017\113\312\176\027\175\257\243\041\144\350\161\125\126\217 +\006\260\107\354\131\017\135\160\133\054\026\102\360\206\236\165 +\336\153\115\110\230\204\342\127\030\266\234\202\231\145\072\213 +\200\170\127\014\111\002\003\001\000\001\243\201\217\060\201\214 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\035\006\003\125\035\016\004\026\004\024\135\263\200\224 +\033\345\206\277\150\272\024\064\244\366\356\155\362\335\337\347 +\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 +\060\112\006\003\125\035\037\004\103\060\101\060\077\240\075\240 +\073\206\071\150\164\164\160\072\057\057\143\162\154\056\144\055 +\164\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055 +\164\162\165\163\164\137\163\142\162\137\162\157\157\164\137\143 +\141\137\062\137\062\060\062\062\056\143\162\154\060\015\006\011 +\052\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000 +\064\124\056\130\030\126\315\112\275\227\323\365\175\053\334\257 +\017\121\341\115\274\041\113\223\364\000\104\023\007\020\013\045 +\030\076\110\131\226\367\241\341\223\220\170\146\032\075\043\353 +\042\253\001\246\216\014\121\063\346\155\214\061\356\254\244\001 +\160\071\110\336\307\146\054\153\015\313\163\237\207\222\351\076 +\107\037\270\357\057\356\267\126\214\110\211\360\070\247\025\071 +\262\356\300\077\027\244\163\002\010\234\274\006\212\244\302\267 +\141\141\371\303\333\304\320\172\174\141\336\261\130\221\365\335 +\145\114\057\013\370\353\075\265\355\212\276\167\034\272\131\002 +\022\146\161\345\230\047\316\016\075\257\121\242\105\371\202\373 +\132\245\224\160\367\213\204\303\114\145\045\233\173\342\037\060 +\160\263\100\216\072\356\275\364\347\150\305\235\311\051\107\161 +\016\223\310\265\110\116\365\146\273\007\210\161\151\153\173\110 +\216\157\360\021\304\264\311\160\024\230\040\275\355\247\352\001 +\332\156\245\233\022\376\076\104\060\263\360\353\165\122\300\364 +\303\372\167\046\244\167\202\055\157\363\050\036\116\225\360\060 +\367\211\370\054\242\120\133\362\276\062\176\154\124\333\162\311 +\052\132\340\034\266\013\330\122\232\131\241\343\260\001\047\305 +\240\026\120\146\334\353\256\155\364\233\133\075\204\155\133\207 +\347\251\211\273\156\270\340\233\123\211\300\377\056\100\032\211 +\104\056\030\103\147\070\344\174\162\137\331\243\051\045\101\101 +\075\034\167\033\144\250\303\125\356\143\161\146\142\203\364\177 +\046\231\240\124\073\241\022\155\160\142\316\323\371\270\275\042 +\374\324\232\324\273\342\070\026\057\267\175\071\302\260\251\003 +\351\234\317\176\030\215\166\334\137\021\273\353\102\354\120\011 +\076\134\354\220\061\330\032\162\272\077\151\007\356\230\064\302 +\064\244\326\332\023\326\251\204\362\000\206\300\124\272\036\021 +\260\342\271\304\007\264\221\347\252\346\061\126\157\261\104\304 +\052\142\274\311\260\145\234\064\374\014\032\123\337\041\027\273 +\302\155\241\012\346\361\260\252\104\011\120\111\070\172\135\161 +\342\061\056\031\260\337\225\102\004\175\204\210\316\012\043\147 +\153\070\235\026\336\006\376\050\160\070\245\132\256\374\203\355 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "D-Trust SBR Root CA 2 2022" +# Issuer: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Serial Number:54:d5:a3:95:1e:3d:95:ba:72:1b:9a:d0:31:21:4a:ba +# Subject: CN=D-Trust SBR Root CA 2 2022,O=D-Trust GmbH,C=DE +# Not Valid Before: Thu Jul 07 07:30:00 2022 +# Not Valid After : Tue Jul 07 07:29:59 2037 +# Fingerprint (SHA-256): DB:A8:4D:D7:EF:62:2D:48:54:63:A9:01:37:EA:4D:57:4D:F8:55:09:28:F6:AF:A0:3B:4D:8B:11:41:E6:36:CC +# Fingerprint (SHA1): 27:FF:63:B9:EF:34:29:31:03:38:1A:D8:60:60:DA:CC:60:28:35:E1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "D-Trust SBR Root CA 2 2022" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\047\377\143\271\357\064\051\061\003\070\032\330\140\140\332\314 +\140\050\065\341 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\220\361\364\053\074\247\312\112\210\073\005\053\010\124\205\336 +END +CKA_ISSUER MULTILINE_OCTAL +\060\111\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163 +\164\040\107\155\142\110\061\043\060\041\006\003\125\004\003\023 +\032\104\055\124\162\165\163\164\040\123\102\122\040\122\157\157 +\164\040\103\101\040\062\040\062\060\062\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\124\325\243\225\036\075\225\272\162\033\232\320\061\041 +\112\272 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security SMIME ECC Root 2021" +# +# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f +# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Thu Mar 18 11:08:30 2021 +# Not Valid After : Sat Mar 17 23:59:59 2046 +# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55 +# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257 +\007\137 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\107\060\202\001\315\240\003\002\001\002\002\020\025 +\052\335\024\311\030\321\244\126\100\206\246\045\257\007\137\060 +\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003 +\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107 +\155\142\110\061\055\060\053\006\003\125\004\003\014\044\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\123 +\115\111\115\105\040\105\103\103\040\122\157\157\164\040\062\060 +\062\061\060\036\027\015\062\061\060\063\061\070\061\061\060\070 +\063\060\132\027\015\064\066\060\063\061\067\062\063\065\071\065 +\071\132\060\145\061\013\060\011\006\003\125\004\006\023\002\104 +\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165\164 +\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145\143 +\165\162\151\164\171\040\107\155\142\110\061\055\060\053\006\003 +\125\004\003\014\044\124\145\154\145\153\157\155\040\123\145\143 +\165\162\151\164\171\040\123\115\111\115\105\040\105\103\103\040 +\122\157\157\164\040\062\060\062\061\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\260\031\217\242\153\265\307\315\017\060\231\067\014\303\140 +\133\361\361\047\040\125\075\300\222\213\253\127\241\157\163\203 +\041\302\103\023\014\136\211\252\307\005\065\171\223\142\220\326 +\135\023\037\321\172\240\274\236\020\247\146\174\106\012\260\127 +\154\277\346\124\071\070\041\154\022\134\161\314\323\132\137\155 +\267\247\206\337\263\337\356\302\347\211\101\226\065\366\057\112 +\265\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024 +\053\313\001\014\143\303\123\022\245\250\127\257\320\234\203\373 +\275\220\072\113\060\017\006\003\125\035\023\001\001\377\004\005 +\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\012\006\010\052\206\110\316\075\004\003 +\003\003\150\000\060\145\002\061\000\326\274\110\222\207\107\003 +\307\160\073\045\266\037\256\106\147\163\164\000\047\113\344\245 +\004\242\003\337\136\050\255\156\136\003\310\335\150\234\266\277 +\224\020\110\225\057\017\377\030\213\002\060\001\100\063\236\227 +\227\115\005\362\164\124\014\315\071\375\152\153\011\301\044\077 +\141\216\070\241\267\350\327\104\025\021\142\377\016\141\067\107 +\113\100\177\112\137\262\147\132\163\165\302 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security SMIME ECC Root 2021" +# Issuer: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:15:2a:dd:14:c9:18:d1:a4:56:40:86:a6:25:af:07:5f +# Subject: CN=Telekom Security SMIME ECC Root 2021,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Thu Mar 18 11:08:30 2021 +# Not Valid After : Sat Mar 17 23:59:59 2046 +# Fingerprint (SHA-256): 3A:E6:DF:7E:0D:63:7A:65:A8:C8:16:12:EC:6F:9A:14:2F:85:A1:68:34:C1:02:80:D8:8E:70:70:28:51:87:55 +# Fingerprint (SHA1): B7:F9:1D:98:EC:25:93:F3:50:14:84:9A:A8:7E:22:10:3C:C4:39:27 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME ECC Root 2021" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\267\371\035\230\354\045\223\363\120\024\204\232\250\176\042\020 +\074\304\071\047 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\165\275\136\355\174\015\146\076\007\244\233\274\002\007\330\264 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\105\103\103\040\122\157 +\157\164\040\062\060\062\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\025\052\335\024\311\030\321\244\126\100\206\246\045\257 +\007\137 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security TLS ECC Root 2020" +# +# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00 +# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Aug 25 07:48:20 2020 +# Not Valid After : Fri Aug 25 23:59:59 2045 +# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1 +# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345 +\127\000 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\102\060\202\001\311\240\003\002\001\002\002\020\066 +\072\226\214\311\134\262\130\315\320\001\135\305\345\127\000\060 +\012\006\010\052\206\110\316\075\004\003\003\060\143\061\013\060 +\011\006\003\125\004\006\023\002\104\105\061\047\060\045\006\003 +\125\004\012\014\036\104\145\165\164\163\143\150\145\040\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\107 +\155\142\110\061\053\060\051\006\003\125\004\003\014\042\124\145 +\154\145\153\157\155\040\123\145\143\165\162\151\164\171\040\124 +\114\123\040\105\103\103\040\122\157\157\164\040\062\060\062\060 +\060\036\027\015\062\060\060\070\062\065\060\067\064\070\062\060 +\132\027\015\064\065\060\070\062\065\062\063\065\071\065\071\132 +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\316\277\376 +\127\250\277\325\252\367\020\232\315\274\321\021\242\275\147\102 +\314\220\353\025\030\220\331\242\315\014\052\045\353\076\117\316 +\265\322\217\017\363\065\332\103\213\002\200\276\157\121\044\035 +\017\153\053\312\237\302\157\120\062\345\067\040\266\040\377\210 +\015\017\155\111\273\333\006\244\207\220\222\224\364\011\320\317 +\177\310\200\013\301\227\263\273\065\047\311\302\033\243\102\060 +\100\060\035\006\003\125\035\016\004\026\004\024\343\162\314\156 +\225\231\107\261\346\263\141\114\321\313\253\343\272\315\336\237 +\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 +\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 +\006\060\012\006\010\052\206\110\316\075\004\003\003\003\147\000 +\060\144\002\060\165\122\213\267\244\020\117\256\112\020\213\262 +\204\133\102\341\346\052\066\002\332\240\156\031\077\045\277\332 +\131\062\216\344\373\220\334\223\144\316\255\264\101\107\140\342 +\317\247\313\036\002\060\067\101\214\146\337\101\153\326\203\000 +\101\375\057\132\367\120\264\147\321\054\250\161\327\103\312\234 +\047\044\221\203\110\015\317\315\367\124\201\257\354\177\344\147 +\333\270\220\356\335\045 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security TLS ECC Root 2020" +# Issuer: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00 +# Subject: CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Aug 25 07:48:20 2020 +# Not Valid After : Fri Aug 25 23:59:59 2045 +# Fingerprint (SHA-256): 57:8A:F4:DE:D0:85:3F:4E:59:98:DB:4A:EA:F9:CB:EA:8D:94:5F:60:B6:20:A3:8D:1A:3C:13:B2:BC:7B:A8:E1 +# Fingerprint (SHA1): C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS ECC Root 2020" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\300\370\226\305\251\073\001\006\041\007\332\030\102\110\274\351 +\235\210\325\354 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\301\253\376\152\020\054\003\215\274\034\042\062\300\205\247\375 +END +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\105\103\103\040\122\157\157\164 +\040\062\060\062\060 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\066\072\226\214\311\134\262\130\315\320\001\135\305\345 +\127\000 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security SMIME RSA Root 2023" +# +# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8 +# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:09:22 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48 +# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221 +\225\270 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\267\060\202\003\237\240\003\002\001\002\002\020\014 +\176\142\365\171\163\073\235\103\216\213\143\355\221\225\270\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060 +\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145 +\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\107\155\142\110\061\055\060\053\006\003\125\004\003\014 +\044\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\123\115\111\115\105\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063\060\036\027\015\062\063\060\063\062\070\061 +\062\060\071\062\062\132\027\015\064\070\060\063\062\067\062\063 +\065\071\065\071\132\060\145\061\013\060\011\006\003\125\004\006 +\023\002\104\105\061\047\060\045\006\003\125\004\012\014\036\104 +\145\165\164\163\143\150\145\040\124\145\154\145\153\157\155\040 +\123\145\143\165\162\151\164\171\040\107\155\142\110\061\055\060 +\053\006\003\125\004\003\014\044\124\145\154\145\153\157\155\040 +\123\145\143\165\162\151\164\171\040\123\115\111\115\105\040\122 +\123\101\040\122\157\157\164\040\062\060\062\063\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\357\305\016 +\213\276\062\322\147\107\377\012\114\147\263\052\277\310\303\305 +\221\353\265\307\036\221\341\146\250\210\213\125\040\200\037\121 +\136\167\227\236\031\012\134\307\153\067\041\174\003\066\001\364 +\210\045\331\250\056\101\252\374\330\046\340\226\100\142\171\256 +\127\236\003\070\032\034\262\167\024\076\351\241\162\320\344\340 +\067\321\027\106\355\120\134\172\130\305\370\053\367\165\057\317 +\201\236\132\054\267\072\254\240\131\230\004\121\014\377\111\305 +\120\375\036\323\107\205\113\063\117\242\067\265\257\004\232\047 +\062\235\126\325\077\125\141\343\213\157\256\121\376\227\376\151 +\007\372\142\133\046\346\024\171\025\245\023\070\256\137\067\276 +\224\112\326\015\200\026\151\244\221\262\072\111\230\165\235\106 +\020\212\134\172\177\204\245\350\257\036\307\253\263\132\106\265 +\243\113\365\246\043\066\000\106\261\333\005\266\033\316\236\172 +\062\134\232\325\162\303\235\206\115\053\204\323\036\265\210\332 +\020\170\234\042\303\073\043\265\353\023\007\275\157\123\354\233 +\354\233\323\145\365\007\011\343\135\247\231\265\176\206\216\325 +\002\377\267\205\011\343\107\024\335\226\146\030\064\336\010\325 +\337\313\030\231\142\013\053\354\000\135\122\104\323\306\226\374 +\062\126\045\221\317\315\031\073\225\071\076\002\207\231\143\266 +\325\076\064\172\017\021\165\201\274\175\004\312\140\264\050\165 +\327\002\121\335\122\000\056\307\375\211\361\134\363\313\244\047 +\022\070\217\273\373\211\360\344\304\070\054\276\202\240\161\141 +\142\221\217\110\014\057\053\251\260\361\313\020\004\347\164\277 +\067\220\357\117\052\103\065\227\022\306\052\160\015\336\054\125 +\107\171\143\051\365\312\037\152\006\122\034\256\055\044\042\203 +\042\257\320\252\060\267\052\037\377\145\043\130\145\223\310\216 +\175\100\020\061\206\170\331\125\313\074\060\360\336\121\052\000 +\066\322\047\105\137\330\350\241\041\075\176\106\126\073\051\105 +\361\035\005\011\316\266\103\060\334\105\220\020\060\114\244\153 +\206\213\077\075\057\061\221\161\357\046\271\366\276\235\260\154 +\337\021\356\130\077\103\171\206\071\200\361\046\027\007\230\360 +\231\252\060\054\103\131\024\316\355\342\100\023\205\002\003\001 +\000\001\243\143\060\141\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\232\316\254\052\354\001\372\145\160\336\227\235\361\322\000 +\214\245\243\144\273\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\037\006\003\125\035\043\004\030\060 +\026\200\024\232\316\254\052\354\001\372\145\160\336\227\235\361 +\322\000\214\245\243\144\273\060\015\006\011\052\206\110\206\367 +\015\001\001\014\005\000\003\202\002\001\000\343\120\375\365\100 +\026\042\011\226\072\015\251\357\201\347\056\062\360\241\361\111 +\136\173\210\015\004\162\327\276\147\250\272\035\356\120\273\162 +\156\172\321\273\014\162\060\106\310\325\327\002\022\026\231\116 +\036\337\132\226\356\217\221\276\256\206\370\020\167\245\304\156 +\107\141\300\362\046\331\117\141\150\005\110\165\010\025\245\241 +\173\325\270\263\211\171\346\355\361\363\141\000\206\173\056\061 +\376\243\134\370\171\075\264\133\210\173\340\043\273\015\241\027 +\372\313\150\015\230\167\161\010\342\155\103\164\153\304\066\305 +\224\101\244\000\326\127\055\231\212\213\040\022\025\002\062\016 +\322\111\354\201\110\305\152\047\122\327\262\163\125\123\226\074 +\236\117\114\265\240\320\117\127\320\147\050\110\144\276\306\270 +\272\354\144\317\310\173\305\152\347\052\346\131\127\266\326\324 +\326\300\147\134\331\236\050\011\100\277\363\251\065\061\145\140 +\003\313\031\154\202\225\003\036\137\077\341\275\352\111\161\345 +\133\267\013\107\026\033\040\211\155\224\231\014\176\210\154\035 +\015\364\267\041\032\131\227\254\313\350\276\027\037\225\174\123 +\233\257\120\122\252\215\013\056\257\132\327\140\362\052\151\052 +\271\356\124\160\030\252\275\365\241\077\322\335\241\143\031\000 +\370\247\014\353\243\171\362\160\131\243\370\242\022\003\354\023 +\377\344\002\206\066\327\301\303\244\265\324\244\302\067\105\266 +\224\160\075\305\275\353\243\025\035\343\066\172\025\151\052\126 +\064\071\317\245\232\066\252\310\355\171\274\317\366\316\004\123 +\013\332\262\120\043\174\274\076\046\255\360\016\103\273\046\313 +\256\302\100\336\067\037\012\240\121\315\143\235\266\117\330\306 +\107\174\274\330\264\355\236\213\363\021\342\250\265\076\354\256 +\160\076\176\042\273\065\110\027\140\142\024\221\060\243\166\075 +\246\121\066\213\037\015\335\152\061\034\245\355\335\226\243\156 +\162\017\023\115\252\247\251\134\170\371\003\022\030\223\067\105 +\022\211\075\370\276\312\275\331\276\014\331\030\144\247\310\101 +\076\165\202\041\070\175\145\364\240\324\023\113\007\170\051\371 +\235\176\314\207\077\304\332\056\210\335\343\013\334\132\121\132 +\351\331\022\117\236\002\333\367\005\045\121 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security SMIME RSA Root 2023" +# Issuer: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:0c:7e:62:f5:79:73:3b:9d:43:8e:8b:63:ed:91:95:b8 +# Subject: CN=Telekom Security SMIME RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:09:22 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): 78:A6:56:34:4F:94:7E:9C:C0:F7:34:D9:05:3D:32:F6:74:20:86:B6:B9:CD:2C:AE:4F:AE:1A:2E:4E:FD:E0:48 +# Fingerprint (SHA1): 89:3F:6F:1C:E2:4D:7F:FB:C3:D3:14:7A:05:80:A7:DE:E1:0A:5E:4D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security SMIME RSA Root 2023" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\211\077\157\034\342\115\177\373\303\323\024\172\005\200\247\336 +\341\012\136\115 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\353\335\044\371\050\017\243\302\303\156\012\077\320\303\015\033 +END +CKA_ISSUER MULTILINE_OCTAL +\060\145\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\055\060\053\006\003\125\004 +\003\014\044\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\123\115\111\115\105\040\122\123\101\040\122\157 +\157\164\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\014\176\142\365\171\163\073\235\103\216\213\143\355\221 +\225\270 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Telekom Security TLS RSA Root 2023" +# +# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97 +# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:16:45 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46 +# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160 +\127\227 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\263\060\202\003\233\240\003\002\001\002\002\020\041 +\234\124\055\350\366\354\161\167\372\116\350\303\160\127\227\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\143 +\061\013\060\011\006\003\125\004\006\023\002\104\105\061\047\060 +\045\006\003\125\004\012\014\036\104\145\165\164\163\143\150\145 +\040\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\107\155\142\110\061\053\060\051\006\003\125\004\003\014 +\042\124\145\154\145\153\157\155\040\123\145\143\165\162\151\164 +\171\040\124\114\123\040\122\123\101\040\122\157\157\164\040\062 +\060\062\063\060\036\027\015\062\063\060\063\062\070\061\062\061 +\066\064\065\132\027\015\064\070\060\063\062\067\062\063\065\071 +\065\071\132\060\143\061\013\060\011\006\003\125\004\006\023\002 +\104\105\061\047\060\045\006\003\125\004\012\014\036\104\145\165 +\164\163\143\150\145\040\124\145\154\145\153\157\155\040\123\145 +\143\165\162\151\164\171\040\107\155\142\110\061\053\060\051\006 +\003\125\004\003\014\042\124\145\154\145\153\157\155\040\123\145 +\143\165\162\151\164\171\040\124\114\123\040\122\123\101\040\122 +\157\157\164\040\062\060\062\063\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\355\065\241\201\200\363\313 +\112\151\133\302\373\121\203\256\046\375\341\156\363\201\022\175 +\161\100\377\207\165\102\051\041\355\201\122\054\337\022\301\031 +\204\211\301\275\305\050\325\325\113\154\104\326\114\333\007\226 +\112\125\172\312\066\202\004\066\250\245\374\047\366\111\361\325 +\162\236\221\371\043\326\160\173\273\365\233\301\354\223\317\031 +\352\145\176\210\160\240\163\374\366\377\265\126\142\341\163\152 +\064\230\076\202\270\254\225\123\364\001\240\047\007\162\243\000 +\123\240\344\262\253\203\070\127\063\045\224\237\276\110\035\230 +\341\243\272\236\134\315\004\161\121\175\165\170\253\363\131\252 +\304\340\140\276\217\203\122\270\165\032\101\065\355\274\363\072 +\143\351\251\024\105\327\346\122\321\156\322\336\274\343\365\013 +\073\346\340\304\275\103\144\023\246\316\364\230\067\154\212\225 +\250\227\310\107\017\360\136\020\213\347\035\034\376\261\073\240 +\005\063\150\005\101\202\301\003\053\001\310\347\217\115\253\350 +\265\366\315\153\104\265\347\335\213\354\352\045\264\000\042\127 +\115\260\261\262\061\301\026\316\377\375\024\204\267\107\372\262 +\361\160\336\333\213\154\066\130\244\174\263\021\321\303\167\177 +\137\266\045\340\015\305\322\263\371\270\270\167\333\067\161\161 +\107\343\140\030\117\044\266\165\067\170\271\243\142\257\275\311 +\162\216\057\314\273\256\333\344\025\122\031\007\063\373\152\267 +\055\113\220\050\202\163\376\030\213\065\215\333\247\004\152\276 +\352\301\115\066\073\026\066\221\062\357\266\100\211\221\103\340 +\362\242\253\004\056\346\362\114\016\026\064\040\254\207\301\055 +\176\311\146\107\027\024\021\244\363\367\241\044\211\253\330\032 +\310\241\134\261\243\367\214\155\310\001\311\117\311\354\304\374 +\254\121\063\321\310\203\321\311\237\035\324\107\064\051\076\313 +\260\016\372\203\013\050\130\345\051\334\077\174\250\237\311\266 +\012\273\246\350\106\026\017\226\345\173\344\152\172\110\155\166 +\230\005\245\334\155\036\102\036\102\332\032\340\122\367\265\203 +\300\032\173\170\065\054\070\365\037\375\111\243\056\322\131\143 +\277\200\260\214\223\163\313\065\246\231\225\042\141\145\003\140 +\373\057\223\113\372\232\234\200\073\002\003\001\000\001\243\143 +\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\266\247\227 +\202\075\164\205\233\367\074\237\223\232\225\171\165\122\214\155 +\107\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024\266 +\247\227\202\075\164\205\233\367\074\237\223\232\225\171\165\122 +\214\155\107\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\003\202\002\001\000\250\314\141\246\276\165\236\025\120 +\244\153\373\250\160\105\174\272\176\261\132\374\133\043\372\012 +\167\370\230\161\202\014\155\340\136\106\252\223\364\036\240\303 +\341\223\333\113\255\262\246\135\253\260\324\142\313\136\273\146 +\365\055\356\227\100\074\142\353\136\326\024\326\214\342\226\213 +\101\151\223\065\346\271\231\153\142\264\241\027\146\064\246\153 +\143\306\271\116\362\042\351\130\015\126\101\321\372\014\112\360 +\063\315\073\273\155\041\072\256\216\162\265\303\112\373\351\175 +\345\261\233\206\356\342\340\175\264\367\062\375\042\204\361\205 +\311\067\171\351\265\077\277\134\344\164\262\217\021\142\000\335 +\030\146\241\331\173\043\137\361\216\325\147\350\124\332\133\072 +\153\066\157\371\201\261\063\107\063\167\100\371\122\252\335\324 +\203\317\205\170\231\232\223\271\163\147\102\106\021\041\352\376 +\012\251\033\032\145\151\263\217\256\026\266\366\113\126\262\055 +\371\245\310\354\073\142\243\355\153\320\116\325\100\011\244\037 +\230\327\072\245\222\131\040\344\260\175\315\133\163\150\275\155 +\304\242\023\016\147\031\270\215\102\176\154\014\232\156\240\044 +\055\325\105\033\334\304\002\024\376\205\133\145\227\312\116\220 +\120\010\172\102\065\371\352\302\146\324\370\001\256\036\264\276 +\303\250\357\376\166\232\242\246\037\106\366\204\355\374\333\316 +\304\002\316\167\110\054\214\262\354\303\000\243\354\054\125\030 +\301\176\031\356\341\057\362\255\203\233\236\253\031\337\306\212 +\057\214\167\345\267\005\354\073\301\354\276\206\263\206\274\300 +\367\334\347\352\133\256\262\314\265\065\206\113\320\342\077\266 +\330\370\016\000\356\135\343\367\215\130\377\317\213\067\351\143 +\137\156\367\011\161\066\302\022\135\127\362\310\264\315\363\356 +\002\337\021\334\152\271\127\204\035\131\115\214\316\310\016\043 +\302\267\046\232\020\024\161\376\223\262\212\270\200\360\016\020 +\236\323\250\120\014\067\202\057\352\340\212\235\341\054\071\377 +\265\264\163\000\344\367\110\246\163\254\277\262\336\167\004\207 +\264\243\315\233\065\044\067\372\220\223\023\201\102\306\230\046 +\165\067\146\101\020\254\273\365\224\343\302\061\053\255\347\043 +\126\314\065\045\222\263\120 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Telekom Security TLS RSA Root 2023" +# Issuer: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Serial Number:21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97 +# Subject: CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE +# Not Valid Before: Tue Mar 28 12:16:45 2023 +# Not Valid After : Fri Mar 27 23:59:59 2048 +# Fingerprint (SHA-256): EF:C6:5C:AD:BB:59:AD:B6:EF:E8:4D:A2:23:11:B3:56:24:B7:1B:3B:1E:A0:DA:8B:66:55:17:4E:C8:97:86:46 +# Fingerprint (SHA1): 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Telekom Security TLS RSA Root 2023" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\124\323\254\263\275\127\126\366\205\235\316\345\303\041\342\324 +\255\203\320\223 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\277\133\353\124\100\315\110\161\304\040\215\175\336\012\102\362 +END +CKA_ISSUER MULTILINE_OCTAL +\060\143\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\047\060\045\006\003\125\004\012\014\036\104\145\165\164\163\143 +\150\145\040\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\107\155\142\110\061\053\060\051\006\003\125\004 +\003\014\042\124\145\154\145\153\157\155\040\123\145\143\165\162 +\151\164\171\040\124\114\123\040\122\123\101\040\122\157\157\164 +\040\062\060\062\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\234\124\055\350\366\354\161\167\372\116\350\303\160 +\127\227 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/lfs/ca-certificates b/lfs/ca-certificates index e828b5571..5fe5ca550 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20231204 +VER = 20240217 # From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/b… -- 2.35.3

1 0

[PATCH] freeradius: Increment PAK_VER & ship freeradius to link to the updated libssl version
by Adolf Belka 15 Feb '24

15 Feb '24

- OpenSSL was updated to 3.1.4 in CU181 and to 3.2.1 in CU183 but in both cases freeradius was not incremented to cause it to be shipped. - This patch increments the freeradius PAK_VER to ensure it will be shipped. Fixes: Bug#13590 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- lfs/freeradius | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/freeradius b/lfs/freeradius index 5ce1a2528..df59bd63b 100644 --- a/lfs/freeradius +++ b/lfs/freeradius @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = freeradius -PAK_VER = 19 +PAK_VER = 20 DEPS = libtalloc samba -- 2.43.2

1 0

Problems still with xfs
by Adolf Belka 15 Feb '24

15 Feb '24

Hi Michael and Arne, I decided to build a vm testbed clone that would have an xfs filesystem. I did the installation from Core Update 182 downloaded from the website. After the reboot during the installation the screen went blank and nothing more happened. I then checked the sha256 hash for the website version with the one in the nightly build for Core Update 182 with the grub reversion and they are different. I then built a system with xfs filesystem using the CU182 from the nightly build with the grub reversion but it still failed at the reboot stage of the installation. I then did an xfs build using the CU181 website download version and that built without any problems. I then did a pakfire update from CU181 to CU182 and that went without any problems, including the reboot. Not sure what is going on but there seems to still be a problem with doing a fresh installation with xfs using either the website or nightly build versions of CU182. Regards, Adolf.

2 4

[PATCH] ruleset-sources: removal of PT Attack & Secureworks + addition of ThreatFox
by Adolf Belka 15 Feb '24

15 Feb '24

- The PT Attack ruleset has not been updated since 2021 and made read-only in 2022 The PT Attack website no longer has any reference to Suricata Rulesets. The PT Attack ruleset is being removed. - The Secureworks three rulesets are no longer available. The website path gives a 404 error. No mention of Suricata rulesets in the Secureworks website. The Secureworks three rulesets are being removed. - ThreatFox ruleset has been added to the list. Both a plain and archive version of the rules are available but the plain version is being regularly updated while the archive version was last updated 5 days ago. So this patch has implemented the plain version. - All above was discussed in the January Developers Conference call. - Tested out on my vm testbed. I had PT Attack selected as one of the providers. As mentioned by Stefan removing PT Attack means it is not available in the list of providers but the provider stays in the providers table but with the line shown in red. I will update the wiki to mention the red highlight and what it means. Suggested-by: Stefan Schantl <stefan.schantl(a)ipfire.org> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> --- config/suricata/ruleset-sources | 44 ++++++--------------------------- 1 file changed, 7 insertions(+), 37 deletions(-) diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 14d1b865f..2b3b4ffcb 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -97,44 +97,14 @@ our %Providers = ( dl_type => "plain", }, - # Positive Technologies Attack Detection Team rules. - attack_detection => { - summary => "PT Attack Detection Team Rules", - website => "https://github.com/ptresearch/AttackDetection", - tr_string => "attack detection team rules", + # ThreatFox + threatfox => { + summary => "ThreatFox Indicators Of Compromise Rules", + website => "https://threatfox.abuse.ch/", + tr_string => "threatfox rules", requires_subscription => "False", - dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rule…", - dl_type => "archive", - }, - - # Secureworks Security rules. - secureworks_security => { - summary => "Secureworks Security Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks security ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz", - dl_type => "archive", - }, - - # Secureworks Malware rules. - secureworks_malware => { - summary => "Secureworks Malware Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks malware ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz", - dl_type => "archive", - }, - - # Secureworks Enhanced rules. - secureworks_enhanced => { - summary => "Secureworks Enhanced Ruleset", - website => "https://www.secureworks.com", - tr_string => "secureworks enhanced ruleset", - requires_subscription => "True", - dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz", - dl_type => "archive", + dl_url => "https://threatfox.abuse.ch/downloads/threatfox_suricata.rules", + dl_type => "plain", }, # Travis B. Green hunting rules. -- 2.43.2

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development February 2024