diff --git a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec index 425beecc4c3..39f9ee3628d 100644 --- a/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec +++ b/SPECS-SIGNED/kernel-mshv-signed/kernel-mshv-signed.spec @@ -7,7 +7,7 @@ Summary: Signed MSHV-enabled Linux Kernel for %{buildarch} systems Name: kernel-mshv-signed-%{buildarch} Version: 5.15.126.mshv9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -66,6 +66,7 @@ Source0: kernel-mshv-%{version}-%{release}.%{buildarch}.rpm Source1: vmlinuz-%{uname_r} Source2: sha512hmac-openssl.sh BuildRequires: cpio +BuildRequires: grub2-rpm-macros BuildRequires: openssl BuildRequires: sed @@ -148,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg %exclude /lib/modules/%{uname_r}/build %changelog +* Mon Apr 01 2024 Cameron Baird - 5.15.126.mshv9-3 +- BuildRequires: grub2-rpm-macros to expand mkconfig configuration requirement + * Thu Jan 04 2024 Cameron Baird - 5.15.126.mshv9-2 - Original version for CBL-Mariner. - License verified diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json index 81328d34c3b..9fddb3344d6 100644 --- a/SPECS/ca-certificates/ca-certificates.signatures.json +++ b/SPECS/ca-certificates/ca-certificates.signatures.json @@ -11,7 +11,7 @@ "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8", "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a", "certdata.base.txt": "771a6c9995ea00bb4ce50fd842a252454fe9b26acad8b0568a1055207442db57", - "certdata.microsoft.txt": "8eea04b31e73f9e64040a2d905b02f05dc4c6f2e9964919f5921a31c1ace0d02", + "certdata.microsoft.txt": "71599549e0fd94f5afe074ef553cb102d0b38eb94fd8ce11fe9c29c33492ed24", "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33", "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426", "trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b", diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index 19776485e92..73a58bc888d 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -45,7 +45,7 @@ Name: ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well. Epoch: 1 Version: 2.0.0 -Release: 15%{?dist} +Release: 16%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -324,6 +324,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %changelog +* Fri Mar 29 2024 CBL-Mariner Servicing Account - 2.0.0-16 +- Updating Microsoft trusted root CAs. + * Fri Jan 26 2024 CBL-Mariner Servicing Account - 2.0.0-15 - Updating Microsoft trusted root CAs. diff --git a/SPECS/ca-certificates/certdata.microsoft.txt b/SPECS/ca-certificates/certdata.microsoft.txt index cb1fd2a3b7f..f7c05a872e3 100644 --- a/SPECS/ca-certificates/certdata.microsoft.txt +++ b/SPECS/ca-certificates/certdata.microsoft.txt @@ -5377,143 +5377,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "SZAFIR ROOT CA" -# -# Issuer: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:00:e6:09:fe:7a:ea:00:68:8c:e0:24:b4:ed:20:1b:1f:ef:52:b4:44:d1 -# Subject: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Tue Dec 06 11:10:57 2011 -# Not Valid After : Sat Dec 06 11:10:57 2031 -# Fingerprint (SHA-256): FA:BC:F5:19:7C:DD:7F:45:8A:C3:38:32:D3:28:40:21:DB:24:25:FD:6B:EA:7A:2E:69:B7:48:6E:8F:51:F9:CC -# Fingerprint (SHA1): D3:EE:FB:CB:BC:F4:98:67:83:86:26:E2:3B:B5:9C:A0:1E:30:5D:B7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125 -\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125 -\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\025\000\346\011\376\172\352\000\150\214\340\044\264\355\040 -\033\037\357\122\264\104\321 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\161\060\202\002\131\240\003\002\001\002\002\025\000 -\346\011\376\172\352\000\150\214\340\044\264\355\040\033\037\357 -\122\264\104\321\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\060\120\061\013\060\011\006\003\125\004\006\023\002 -\120\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141 -\152\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143 -\172\145\156\151\157\167\141\040\123\056\101\056\061\027\060\025 -\006\003\125\004\003\014\016\123\132\101\106\111\122\040\122\117 -\117\124\040\103\101\060\036\027\015\061\061\061\062\060\066\061 -\061\061\060\065\067\132\027\015\063\061\061\062\060\066\061\061 -\061\060\065\067\132\060\120\061\013\060\011\006\003\125\004\006 -\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113 -\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154 -\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\027 -\060\025\006\003\125\004\003\014\016\123\132\101\106\111\122\040 -\122\117\117\124\040\103\101\060\202\001\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 -\202\001\012\002\202\001\001\000\254\107\057\217\131\061\071\245 -\352\015\360\245\214\053\275\002\244\275\315\012\163\252\011\346 -\314\137\202\152\165\251\227\345\273\006\357\363\300\135\241\301 -\322\211\171\130\360\334\353\125\214\356\130\032\173\047\377\112 -\120\263\000\241\152\023\043\063\220\350\057\123\066\156\030\154 -\017\100\326\067\127\327\006\015\057\220\044\312\127\374\133\222 -\377\043\200\127\205\077\112\236\122\072\307\346\273\005\120\046 -\236\277\323\266\137\256\265\077\300\262\153\066\175\027\304\260 -\135\257\144\363\061\037\205\005\250\340\041\026\074\123\222\142 -\126\177\140\256\342\173\321\100\221\334\266\320\176\160\100\050 -\152\017\341\021\033\177\372\334\350\341\104\163\353\036\253\327 -\333\150\142\154\161\340\130\343\006\105\041\131\014\065\137\155 -\153\173\377\307\241\375\276\321\210\042\301\204\374\343\062\333 -\172\240\352\010\343\016\137\033\307\343\315\062\030\071\041\375 -\012\032\315\145\367\123\276\107\100\114\123\376\042\145\302\173 -\273\043\125\172\035\174\355\050\214\002\006\073\061\175\366\307 -\336\063\254\204\042\155\313\007\002\003\001\000\001\243\102\060 -\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\035\006\003\125\035\016\004\026\004\024\123\222\243 -\175\377\202\166\360\063\324\353\222\147\107\141\063\033\150\073 -\052\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\071\120\125\235\344\102\377\244\033\342\040 -\311\265\314\075\211\055\100\251\247\111\211\033\262\144\303\071 -\310\073\066\260\204\151\205\025\254\106\243\020\041\100\021\040 -\205\243\376\023\102\221\353\252\000\301\120\272\305\355\366\101 -\105\122\035\365\252\132\167\163\154\340\363\054\037\062\217\265 -\200\107\107\003\063\216\131\236\004\201\074\033\205\023\165\256 -\030\262\127\366\015\164\320\104\337\041\177\270\140\024\177\340 -\324\177\272\364\347\246\167\175\172\327\273\132\031\164\145\366 -\075\343\053\256\343\024\052\007\224\005\277\343\373\041\165\325 -\225\063\243\222\073\206\134\107\062\100\010\320\315\261\132\117 -\333\310\000\024\233\170\045\326\005\270\357\071\173\244\047\056 -\226\200\010\234\227\061\215\111\212\153\255\357\021\313\047\135 -\176\150\326\364\162\006\302\302\016\323\161\045\166\053\357\250 -\106\013\324\173\365\303\363\356\257\356\205\120\103\232\057\257 -\017\020\205\050\275\370\060\040\035\201\003\017\257\144\073\260 -\160\175\046\137\236\074\076\210\306\312\016\067\341\300\343\221 -\045\332\336\141\305 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SZAFIR ROOT CA" -# Issuer: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:00:e6:09:fe:7a:ea:00:68:8c:e0:24:b4:ed:20:1b:1f:ef:52:b4:44:d1 -# Subject: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Tue Dec 06 11:10:57 2011 -# Not Valid After : Sat Dec 06 11:10:57 2031 -# Fingerprint (SHA-256): FA:BC:F5:19:7C:DD:7F:45:8A:C3:38:32:D3:28:40:21:DB:24:25:FD:6B:EA:7A:2E:69:B7:48:6E:8F:51:F9:CC -# Fingerprint (SHA1): D3:EE:FB:CB:BC:F4:98:67:83:86:26:E2:3B:B5:9C:A0:1E:30:5D:B7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\323\356\373\313\274\364\230\147\203\206\046\342\073\265\234\240 -\036\060\135\267 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\021\354\176\065\313\333\367\353\031\350\261\165\300\043\303\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125 -\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\025\000\346\011\376\172\352\000\150\214\340\044\264\355\040 -\033\037\357\122\264\104\321 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "TM Applied Business Root Certificate" # @@ -5830,204 +5693,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "E-Tugra Certification Authority" -# -# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Serial Number:6a:68:3e:9c:51:9b:cb:53 -# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Mar 05 12:09:48 2013 -# Not Valid After : Fri Mar 03 12:09:48 2023 -# Fingerprint (SHA-256): B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C -# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "E-Tugra Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\152\150\076\234\121\233\313\123 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152 -\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125 -\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014 -\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012 -\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102 -\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152 -\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154 -\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125 -\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164 -\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172 -\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165 -\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061 -\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063 -\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013 -\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006 -\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076 -\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040 -\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153 -\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151 -\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046 -\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141 -\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115 -\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014 -\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030 -\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113 -\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113 -\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107 -\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015 -\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053 -\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205 -\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104 -\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144 -\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050 -\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273 -\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263 -\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303 -\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331 -\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215 -\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007 -\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263 -\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102 -\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255 -\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171 -\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336 -\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014 -\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305 -\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012 -\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374 -\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313 -\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061 -\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347 -\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013 -\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077 -\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027 -\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307 -\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035 -\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372 -\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035 -\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171 -\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005 -\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034 -\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320 -\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221 -\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326 -\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320 -\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230 -\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323 -\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141 -\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134 -\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072 -\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173 -\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067 -\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153 -\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275 -\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212 -\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271 -\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060 -\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072 -\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321 -\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261 -\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345 -\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037 -\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276 -\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217 -\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227 -\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013 -\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103 -\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373 -\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147 -\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035 -\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073 -\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "E-Tugra Certification Authority" -# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Serial Number:6a:68:3e:9c:51:9b:cb:53 -# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Mar 05 12:09:48 2013 -# Not Valid After : Fri Mar 03 12:09:48 2023 -# Fingerprint (SHA-256): B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C -# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "E-Tugra Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142 -\217\303\122\071 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\152\150\076\234\121\233\313\123 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "OATI WebCARES Root CA" # @@ -7157,195 +6822,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Symantec Class 3 Public Primary Certification Authority - G6" -# -# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:65:63:71:85:d3:6f:45:c6:8f:7f:31:f9:09:87:92:82 -# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Thu Oct 18 00:00:00 2012 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): B3:23:96:74:64:53:44:2F:35:3E:61:62:92:BB:20:BB:AA:5D:23:B5:46:45:0F:DB:9C:54:B8:38:61:67:D5:29 -# Fingerprint (SHA1): 26:A1:6C:23:5A:24:72:22:9B:23:62:80:25:BC:80:97:C8:85:24:A1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G6" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\145\143\161\205\323\157\105\306\217\177\061\371\011\207 -\222\202 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\366\060\202\003\336\240\003\002\001\002\002\020\145 -\143\161\205\323\157\105\306\217\177\061\371\011\207\222\202\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201 -\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 -\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 -\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 -\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 -\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 -\143\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\066\060\036\027\015\061\062\061\060\061\070\060 -\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 -\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 -\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 -\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 -\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 -\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\063 -\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 -\164\150\157\162\151\164\171\040\055\040\107\066\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\267\016\262 -\372\115\274\232\162\025\373\167\133\333\375\103\017\313\013\367 -\140\056\263\053\176\014\273\123\362\314\116\145\363\031\273\377 -\065\035\367\323\251\273\100\055\265\335\170\324\246\371\067\352 -\205\005\173\155\267\346\023\113\006\174\373\166\143\217\040\035 -\055\070\053\004\205\362\350\260\321\137\115\112\041\311\152\330 -\224\352\036\002\120\246\252\220\007\240\107\041\352\146\371\004 -\240\346\203\360\304\365\136\226\342\047\115\141\303\263\301\214 -\042\266\146\241\000\321\126\051\373\355\301\177\044\312\075\372 -\132\224\260\204\303\307\272\103\034\375\144\016\361\050\373\107 -\131\362\046\341\061\271\104\371\253\335\373\276\276\054\067\343 -\254\013\030\323\374\001\242\361\244\012\065\202\107\114\253\275 -\212\136\337\023\205\374\040\314\110\131\257\257\101\157\313\043 -\315\312\223\247\335\325\137\310\144\073\377\001\003\240\012\117 -\055\156\075\204\276\257\310\062\262\123\051\220\025\367\260\005 -\232\012\074\366\271\006\220\311\245\341\135\240\073\260\376\250 -\266\277\365\211\050\127\044\072\041\206\161\344\334\212\213\101 -\125\354\036\060\044\131\321\300\131\270\170\257\252\132\164\336 -\045\200\060\230\355\060\104\157\041\160\034\333\022\123\016\326 -\246\050\146\223\054\037\314\117\074\033\201\305\271\366\170\157 -\320\062\072\010\162\333\153\016\106\027\205\224\363\274\357\274 -\367\244\136\216\351\351\265\144\345\267\113\105\022\054\114\067 -\267\140\103\012\115\161\006\000\224\046\065\164\037\273\172\071 -\134\116\073\346\270\003\342\307\223\213\204\054\045\111\105\335 -\177\043\224\140\037\313\351\315\366\253\227\367\141\347\373\177 -\142\201\310\334\012\060\134\030\174\346\316\357\307\156\036\207 -\174\263\351\312\310\173\152\364\150\374\203\245\014\126\264\272 -\262\215\112\012\307\227\227\305\210\060\025\075\020\010\124\025 -\162\162\147\063\063\364\174\267\316\000\047\123\145\316\044\361 -\132\144\347\066\057\362\056\002\302\227\337\162\350\002\036\240 -\367\075\265\373\150\140\003\372\063\251\346\022\155\006\341\251 -\250\135\116\074\376\331\347\000\145\254\266\031\115\173\203\177 -\064\107\352\341\030\155\261\213\034\171\253\347\235\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\071\161\010\000\076\336\310\206\347\220\377\344\375\041 -\017\316\044\031\026\366\060\015\006\011\052\206\110\206\367\015 -\001\001\014\005\000\003\202\002\001\000\120\153\210\115\140\110 -\316\132\343\042\316\147\174\204\247\315\034\375\351\014\003\214 -\066\257\012\207\016\152\256\127\256\001\320\066\273\362\375\271 -\163\301\137\265\250\256\114\242\372\111\313\007\106\026\066\275 -\343\310\127\070\176\070\344\277\045\063\140\306\334\067\234\143 -\273\136\230\036\032\262\202\360\256\246\167\021\200\104\107\241 -\051\305\360\263\072\316\230\360\270\354\323\016\200\006\167\043 -\060\114\377\171\144\143\042\133\167\223\103\113\165\263\333\073 -\156\073\112\335\361\310\256\265\067\212\225\210\072\020\150\160 -\070\271\133\160\176\325\103\311\374\137\117\345\346\173\066\356 -\360\040\355\107\127\023\046\020\136\024\006\015\173\166\007\302 -\306\055\026\364\256\247\154\017\274\210\017\117\054\002\266\243 -\327\042\346\231\107\065\330\215\245\117\201\022\072\021\175\263 -\314\013\165\363\036\160\243\033\003\352\372\232\350\346\056\066 -\071\314\231\316\072\077\014\267\256\370\103\231\260\223\156\157 -\252\331\017\152\061\221\273\234\323\264\050\373\203\114\172\163 -\202\120\147\322\016\254\355\140\305\262\135\065\230\317\207\176 -\036\131\035\044\274\126\272\332\244\132\330\314\346\274\036\020 -\217\033\214\216\363\301\333\267\276\324\260\133\145\217\026\150 -\363\126\305\052\031\026\115\017\270\145\207\155\044\203\270\142 -\334\340\107\141\032\210\173\316\116\177\375\334\306\015\132\232 -\244\363\265\114\366\335\061\246\350\035\021\041\063\060\004\141 -\175\034\340\076\117\215\077\265\213\022\000\132\175\251\241\000 -\324\203\353\160\273\030\370\244\322\034\201\055\267\010\021\310 -\046\173\266\324\345\017\003\106\162\324\045\100\036\276\111\135 -\155\223\361\134\262\073\165\124\151\072\240\356\114\042\272\254 -\232\342\010\255\105\143\005\112\122\065\166\304\064\365\136\007 -\062\255\334\174\046\321\133\217\255\344\346\252\033\165\237\353 -\135\264\350\300\251\025\174\116\112\007\162\337\106\311\324\221 -\222\165\126\260\341\356\067\066\145\050\305\025\310\053\166\314 -\155\157\031\203\364\375\332\025\342\101\347\063\171\106\203\127 -\371\361\245\266\155\323\274\327\123\347\356\161\155\170\251\227 -\247\356\040\234\031\025\162\025\075\004 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 3 Public Primary Certification Authority - G6" -# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:65:63:71:85:d3:6f:45:c6:8f:7f:31:f9:09:87:92:82 -# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Thu Oct 18 00:00:00 2012 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): B3:23:96:74:64:53:44:2F:35:3E:61:62:92:BB:20:BB:AA:5D:23:B5:46:45:0F:DB:9C:54:B8:38:61:67:D5:29 -# Fingerprint (SHA1): 26:A1:6C:23:5A:24:72:22:9B:23:62:80:25:BC:80:97:C8:85:24:A1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G6" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\046\241\154\043\132\044\162\042\233\043\142\200\045\274\200\227 -\310\205\044\241 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\215\321\226\044\304\114\217\135\046\364\154\215\122\101\032\306 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\145\143\161\205\323\157\105\306\217\177\061\371\011\207 -\222\202 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "CFCA EV ROOT" # @@ -7876,127 +7352,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "China Financial CA" -# -# Issuer: O=CFCA GT CA,C=CN -# Serial Number: 429472831 (0x19993c3f) -# Subject: O=CFCA GT CA,C=CN -# Not Valid Before: Mon Jun 13 08:15:09 2011 -# Not Valid After : Tue Jun 09 08:15:09 2026 -# Fingerprint (SHA-256): 07:71:92:0C:8C:B8:74:D5:C5:A4:DC:0D:6A:51:A2:D4:95:D3:8C:4D:E2:CD:5B:83:D2:A0:6F:AA:05:19:35:F6 -# Fingerprint (SHA1): EA:BD:A2:40:44:0A:BB:D6:94:93:0A:01:D0:97:64:C6:C2:D7:79:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "China Financial CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107 -\124\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107 -\124\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\031\231\074\077 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\037\060\202\002\007\240\003\002\001\002\002\004\031 -\231\074\077\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\042\061\013\060\011\006\003\125\004\006\023\002\103 -\116\061\023\060\021\006\003\125\004\012\023\012\103\106\103\101 -\040\107\124\040\103\101\060\036\027\015\061\061\060\066\061\063 -\060\070\061\065\060\071\132\027\015\062\066\060\066\060\071\060 -\070\061\065\060\071\132\060\042\061\013\060\011\006\003\125\004 -\006\023\002\103\116\061\023\060\021\006\003\125\004\012\023\012 -\103\106\103\101\040\107\124\040\103\101\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\277\163\306\132\053 -\214\170\366\130\267\374\322\027\220\245\053\164\354\201\054\223 -\315\122\314\156\344\052\313\044\241\061\344\255\060\156\343\230 -\042\061\327\041\233\237\325\017\067\057\132\273\070\242\267\171 -\046\147\326\015\305\027\052\234\271\124\004\341\015\165\206\156 -\330\314\305\200\147\033\310\214\055\000\046\206\074\172\171\076 -\266\251\302\116\040\260\067\227\306\205\166\022\202\012\347\124 -\273\213\376\075\256\343\354\153\130\103\366\245\067\353\130\242 -\275\220\304\345\373\312\153\312\060\154\267\173\211\366\061\322 -\214\377\117\302\226\045\103\251\161\065\045\013\030\341\254\310 -\243\044\266\161\223\214\361\135\374\234\020\005\173\377\300\133 -\340\261\227\255\037\330\376\105\365\300\037\235\133\107\071\034 -\006\372\333\146\205\333\044\043\352\173\322\071\040\370\353\052 -\262\032\121\363\224\132\050\002\116\247\134\107\156\317\374\331 -\350\346\141\132\026\047\307\025\015\230\331\350\323\003\065\220 -\051\337\262\057\215\020\167\043\310\270\172\323\021\141\152\363 -\377\201\222\245\354\102\113\150\116\200\327\002\003\001\000\001 -\243\135\060\133\060\037\006\003\125\035\043\004\030\060\026\200 -\024\214\166\120\316\045\323\171\053\074\364\155\235\232\341\236 -\005\117\350\075\045\060\014\006\003\125\035\023\004\005\060\003 -\001\001\377\060\013\006\003\125\035\017\004\004\003\002\001\306 -\060\035\006\003\125\035\016\004\026\004\024\214\166\120\316\045 -\323\171\053\074\364\155\235\232\341\236\005\117\350\075\045\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\276\273\226\130\324\335\211\211\017\054\315\372\143 -\105\166\015\071\200\232\215\372\250\105\141\075\041\125\350\316 -\150\307\031\351\302\261\007\302\213\073\057\317\141\205\220\247 -\122\027\062\072\257\012\005\025\310\306\316\335\216\224\046\006 -\370\320\140\356\263\156\324\015\272\132\335\253\240\174\120\162 -\246\325\220\223\126\327\131\071\333\350\177\263\225\170\123\201 -\122\122\137\364\222\201\002\301\373\042\271\321\003\127\247\176 -\313\373\300\106\274\023\164\114\050\053\166\222\151\037\301\120 -\221\021\305\114\336\013\224\214\027\203\214\257\067\207\264\352 -\153\157\242\132\065\101\141\205\057\234\027\300\373\271\016\242 -\141\006\107\166\274\220\011\230\164\015\322\010\057\275\344\015 -\162\361\246\137\303\174\300\175\352\274\323\253\040\221\313\134 -\005\214\235\250\065\372\066\126\273\011\363\204\135\326\361\342 -\054\236\331\176\361\202\240\341\267\057\176\355\371\173\240\000 -\270\262\336\035\171\341\201\363\122\131\232\024\135\347\302\021 -\363\232\303\072\170\043\276\116\146\336\244\071\151\362\230\072 -\054\012\000 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "China Financial CA" -# Issuer: O=CFCA GT CA,C=CN -# Serial Number: 429472831 (0x19993c3f) -# Subject: O=CFCA GT CA,C=CN -# Not Valid Before: Mon Jun 13 08:15:09 2011 -# Not Valid After : Tue Jun 09 08:15:09 2026 -# Fingerprint (SHA-256): 07:71:92:0C:8C:B8:74:D5:C5:A4:DC:0D:6A:51:A2:D4:95:D3:8C:4D:E2:CD:5B:83:D2:A0:6F:AA:05:19:35:F6 -# Fingerprint (SHA1): EA:BD:A2:40:44:0A:BB:D6:94:93:0A:01:D0:97:64:C6:C2:D7:79:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "China Financial CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\352\275\242\100\104\012\273\326\224\223\012\001\320\227\144\306 -\302\327\171\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\054\315\363\305\131\246\204\144\240\147\120\377\113\114\326\024 -END -CKA_ISSUER MULTILINE_OCTAL -\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107 -\124\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\031\231\074\077 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Inera AB" # @@ -14820,321 +14175,53 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "thawte Primary Root CA - G2" +# Certificate "VeriSign Universal Root Certification Authority" # -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57 -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 +# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d +# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Not Valid Before: Wed Apr 02 00:00:00 2008 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C +# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" +CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 +\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 +\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 +\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 +\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 +\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 +\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065 -\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006 -\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156 -\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051 -\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042 -\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162 -\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040 -\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141 -\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125 -\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141 -\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150 -\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157 -\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277 -\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055 -\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172 -\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172 -\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261 -\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051 -\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212 -\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247 -\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167 -\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002 -\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374 -\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061 -\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022 -\367\130\077\056\162\002\127\243\217\241\024\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "thawte Primary Root CA - G2" -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57 -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333 -\010\236\360\022 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "GeoTrust Primary Certification Authority - G2" -# -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66 -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074 -\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006 -\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111 -\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143 -\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066 -\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163 -\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065 -\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 -\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023 -\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071 -\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060 -\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125 -\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151 -\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103 -\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013 -\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057 -\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013 -\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245 -\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035 -\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373 -\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006 -\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060 -\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221 -\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223 -\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066 -\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137 -\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063 -\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004 -\017\212 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust Primary Certification Authority - G2" -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66 -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231 -\346\020\327\260 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "VeriSign Universal Root Certification Authority" -# -# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d -# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C -# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 -\305\035 +\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 +\305\035 END CKA_VALUE MULTILINE_OCTAL \060\202\004\271\060\202\003\241\240\003\002\001\002\002\020\100 @@ -15262,330 +14349,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "thawte Primary Root CA - G3" -# -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140 -\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025 -\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054 -\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061 -\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060 -\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125 -\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141 -\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060 -\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132 -\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145 -\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023 -\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123 -\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156 -\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062 -\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056 -\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145 -\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003 -\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155 -\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146 -\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070 -\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140 -\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374 -\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154 -\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247 -\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337 -\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113 -\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107 -\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275 -\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226 -\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200 -\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222 -\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133 -\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340 -\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044 -\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372 -\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100 -\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123 -\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357 -\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026 -\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073 -\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210 -\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356 -\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140 -\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057 -\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334 -\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364 -\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324 -\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314 -\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005 -\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157 -\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156 -\061\324\100\032\142\064\066\077\065\001\256\254\143\240 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "thawte Primary Root CA - G3" -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211 -\312\363\153\362 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - -# -# Certificate "GeoTrust Primary Certification Authority - G3" -# -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025 -\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023 -\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165 -\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124 -\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060 -\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062 -\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125 -\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143 -\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 -\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064 -\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063 -\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230 -\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241 -\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046 -\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006 -\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007 -\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047 -\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003 -\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154 -\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326 -\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267 -\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101 -\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013 -\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045 -\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272 -\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102 -\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116 -\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231 -\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276 -\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301 -\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337 -\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047 -\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015 -\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051 -\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216 -\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203 -\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002 -\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346 -\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007 -\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032 -\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212 -\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206 -\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031 -\021\055 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust Primary Certification Authority - G3" -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062 -\072\114\052\375 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Chambers of Commerce Root - 2008" # @@ -17071,177 +15834,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Izenpe.com" -# -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:06:e8:46:27:2f:1f:0a:8f:d1:84:5c:e3:69:f6:d5 -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:27 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (SHA-256): 23:80:42:03:CA:45:D8:CD:E7:16:B8:C1:3B:F3:B4:48:45:7F:A0:6C:C1:02:50:99:7F:A0:14:58:31:7C:41:E5 -# Fingerprint (SHA1): 30:77:9E:93:15:02:2E:94:85:6A:3F:F8:BC:F8:15:B0:82:F9:AE:FD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\006\350\106\047\057\037\012\217\321\204\134\343\151\366 -\325 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\360\060\202\003\330\240\003\002\001\002\002\017\006 -\350\106\047\057\037\012\217\321\204\134\343\151\366\325\060\015 -\006\011\052\206\110\206\367\015\001\001\005\005\000\060\070\061 -\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060\022 -\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123\056 -\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172\145 -\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062\061 -\063\061\063\060\070\062\067\132\027\015\063\067\061\062\061\063 -\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003\125 -\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012\014 -\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060\021 -\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143\157 -\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152\261 -\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171\001 -\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244\054 -\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216\305 -\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231\025 -\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014\262 -\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207\056 -\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267\335 -\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301\106 -\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127\271 -\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074\040 -\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174\205 -\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003\310 -\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341\304 -\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340\011 -\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376\046 -\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204\203 -\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046\312 -\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020\254 -\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265\361 -\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251\157 -\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215\006 -\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242\372 -\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353\336 -\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013\206 -\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360\366 -\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044\114 -\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001\100 -\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114\212 -\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215\277 -\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176\034 -\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354\107 -\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201\260 -\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156\146 -\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221\060 -\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132\105 -\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040\101 -\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056\126 -\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040\124 -\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101\006 -\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040\115 -\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157\162 -\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061\060 -\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145\016 -\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154\005 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\002\001\000\307\201\106\157\041\030\117\240\005\357\347\325 -\272\227\120\242\140\355\245\222\024\032\122\233\371\361\210\112 -\240\334\170\165\321\325\037\225\116\305\347\267\151\346\042\364 -\370\051\250\052\211\276\317\317\166\217\343\061\163\235\046\323 -\034\033\107\026\051\007\150\204\212\322\373\261\033\044\076\322 -\230\030\054\044\216\257\366\173\352\104\026\033\052\304\372\240 -\227\351\352\154\130\244\357\165\253\000\142\321\235\355\023\066 -\333\042\013\266\360\321\364\156\173\106\207\302\235\274\275\276 -\102\073\267\163\320\232\052\074\264\133\022\026\000\257\031\071 -\215\255\203\120\034\310\201\117\275\002\017\075\236\065\226\356 -\357\344\302\003\174\051\034\002\176\275\064\047\136\257\123\326 -\235\027\277\127\154\351\320\203\020\257\277\135\115\357\220\173 -\135\053\254\354\352\175\000\046\027\314\002\134\143\327\031\030 -\247\354\053\307\212\076\130\016\212\207\346\203\237\116\262\064 -\036\254\124\011\117\035\002\013\071\176\201\010\025\271\240\151 -\023\310\062\053\343\255\154\023\326\203\235\043\055\262\155\242 -\210\206\176\250\015\001\046\011\100\331\355\050\116\214\223\044 -\017\333\361\036\115\172\172\132\342\245\130\361\334\217\137\231 -\202\014\056\317\262\335\230\314\222\224\077\371\011\263\245\226 -\045\133\067\365\022\205\101\342\031\114\306\212\010\301\334\030 -\172\017\036\077\202\131\242\232\076\077\371\340\011\237\375\301 -\221\113\135\311\173\326\266\211\374\337\035\174\206\252\315\003 -\362\013\122\222\361\142\157\177\207\352\253\166\311\154\120\302 -\031\202\257\252\035\365\040\050\150\056\325\374\144\067\117\317 -\245\104\304\276\162\264\214\164\264\154\247\372\362\275\164\070 -\103\053\336\257\371\334\330\340\235\237\334\075\312\245\143\104 -\277\222\242\117\114\200\034\273\032\303\232\112\004\125\115\312 -\356\046\013\034\277\002\305\144\323\236\176\322\323\221\034\113 -\242\365\034\345\027\034\015\014\122\243\221\037\234\360\041\355 -\002\224\157\251\240\111\312\350\103\214\304\364\064\332\174\042 -\243\306\146\076\270\033\005\210\135\272\274\367\274\345\334\024 -\075\247\206\250\266\131\122\041\003\136\213\343\004\355\113\052 -\036\243\117\120 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Izenpe.com" -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:06:e8:46:27:2f:1f:0a:8f:d1:84:5c:e3:69:f6:d5 -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:27 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (SHA-256): 23:80:42:03:CA:45:D8:CD:E7:16:B8:C1:3B:F3:B4:48:45:7F:A0:6C:C1:02:50:99:7F:A0:14:58:31:7C:41:E5 -# Fingerprint (SHA1): 30:77:9E:93:15:02:2E:94:85:6A:3F:F8:BC:F8:15:B0:82:F9:AE:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\060\167\236\223\025\002\056\224\205\152\077\370\274\370\025\260 -\202\371\256\375 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\207\024\253\203\304\004\033\361\223\307\120\342\327\041\353\357 -END -CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\006\350\106\047\057\037\012\217\321\204\134\343\151\366 -\325 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "GlobalSign Root CA - R1" # @@ -18724,143 +17316,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "GeoTrust" -# -# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 -# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 27 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (SHA-256): 37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C -# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372 -\304\241 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\030 -\254\265\152\375\151\266\025\072\143\154\257\332\372\304\241\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\130 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026\060 -\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163\164 -\040\111\156\143\056\061\061\060\057\006\003\125\004\003\023\050 -\107\145\157\124\162\165\163\164\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\060\036\027\015\060\066\061\061 -\062\067\060\060\060\060\060\060\132\027\015\063\066\060\067\061 -\066\062\063\065\071\065\071\132\060\130\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012 -\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061 -\061\060\057\006\003\125\004\003\023\050\107\145\157\124\162\165 -\163\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\276\270\025\173\377\324\174\175\147\255\203\144\173 -\310\102\123\055\337\366\204\010\040\141\326\001\131\152\234\104 -\021\257\357\166\375\225\176\316\141\060\273\172\203\137\002\275 -\001\146\312\356\025\215\157\241\060\234\275\241\205\236\224\072 -\363\126\210\000\061\317\330\356\152\226\002\331\355\003\214\373 -\165\155\347\352\270\125\026\005\026\232\364\340\136\261\210\300 -\144\205\134\025\115\210\307\267\272\340\165\351\255\005\075\235 -\307\211\110\340\273\050\310\003\341\060\223\144\136\122\300\131 -\160\042\065\127\210\212\361\225\012\203\327\274\061\163\001\064 -\355\357\106\161\340\153\002\250\065\162\153\227\233\146\340\313 -\034\171\137\330\032\004\150\036\107\002\346\235\140\342\066\227 -\001\337\316\065\222\337\276\147\307\155\167\131\073\217\235\326 -\220\025\224\274\102\064\020\301\071\371\261\047\076\176\326\212 -\165\305\262\257\226\323\242\336\233\344\230\276\175\341\351\201 -\255\266\157\374\327\016\332\340\064\260\015\032\167\347\343\010 -\230\357\130\372\234\204\267\066\257\302\337\254\322\364\020\006 -\160\161\065\002\003\001\000\001\243\102\060\100\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\054\325\120\101\227\025\213\360 -\217\066\141\133\112\373\153\331\231\311\063\222\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\132\160\177\054\335\267\064\117\365\206\121\251\046\276\113\270 -\252\361\161\015\334\141\307\240\352\064\036\172\167\017\004\065 -\350\047\217\154\220\277\221\026\044\106\076\112\116\316\053\026 -\325\013\122\035\374\037\147\242\002\105\061\117\316\363\372\003 -\247\171\235\123\152\331\332\143\072\370\200\327\323\231\341\245 -\341\276\324\125\161\230\065\072\276\223\352\256\255\102\262\220 -\157\340\374\041\115\065\143\063\211\111\326\233\116\312\307\347 -\116\011\000\367\332\307\357\231\142\231\167\266\225\042\136\212 -\240\253\364\270\170\230\312\070\031\231\311\162\236\170\315\113 -\254\257\031\240\163\022\055\374\302\101\272\201\221\332\026\132 -\061\267\371\264\161\200\022\110\231\162\163\132\131\123\301\143 -\122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252 -\233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370 -\365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024 -\001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215 -\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GeoTrust" -# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 -# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 27 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (SHA-256): 37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C -# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002 -\220\067\360\226 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\002\046\303\001\136\010\060\067\103\251\320\175\317\067\346\277 -END -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372 -\304\241 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "thawte" # @@ -21696,134 +20151,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Hongkong Post Root CA 1" -# -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (SHA-256): F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003 -\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060 -\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065 -\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006 -\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004 -\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164 -\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153 -\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101 -\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220 -\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042 -\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320 -\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151 -\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037 -\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047 -\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174 -\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363 -\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341 -\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251 -\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324 -\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075 -\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152 -\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171 -\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341 -\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200 -\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003 -\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002 -\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354 -\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356 -\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067 -\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145 -\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327 -\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101 -\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332 -\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063 -\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154 -\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105 -\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203 -\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116 -\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321 -\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206 -\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342 -\002\153\331\132 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Hongkong Post Root CA 1" -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (SHA-256): F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262 -\130\262\212\130 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Trustis FPS Root CA" # @@ -22857,174 +21184,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "VeriSign" -# -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (SHA-256): EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44 -# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161 -\051\357\127 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\032\060\202\003\002\002\021\000\233\176\006\111\243 -\076\142\271\325\356\220\110\161\051\357\127\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003 -\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123 -\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060 -\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066 -\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012 -\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040 -\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060 -\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156 -\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\313\272\234\122\374\170\037\032\036\157\033 -\067\163\275\370\311\153\224\022\060\117\360\066\107\365\320\221 -\012\365\027\310\245\141\301\026\100\115\373\212\141\220\345\166 -\040\301\021\006\175\253\054\156\246\365\021\101\216\372\055\255 -\052\141\131\244\147\046\114\320\350\274\122\133\160\040\004\130 -\321\172\311\244\151\274\203\027\144\255\005\213\274\320\130\316 -\215\214\365\353\360\102\111\013\235\227\047\147\062\156\341\256 -\223\025\034\160\274\040\115\057\030\336\222\210\350\154\205\127 -\021\032\351\176\343\046\021\124\242\105\226\125\203\312\060\211 -\350\334\330\243\355\052\200\077\177\171\145\127\076\025\040\146 -\010\057\225\223\277\252\107\057\250\106\227\360\022\342\376\302 -\012\053\121\346\166\346\267\106\267\342\015\246\314\250\303\114 -\131\125\211\346\350\123\134\034\352\235\360\142\026\013\247\311 -\137\014\360\336\302\166\316\257\367\152\362\372\101\246\242\063 -\024\311\345\172\143\323\236\142\067\325\205\145\236\016\346\123 -\044\164\033\136\035\022\123\133\307\054\347\203\111\073\025\256 -\212\150\271\127\227\002\003\001\000\001\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\021\024 -\226\301\253\222\010\367\077\057\311\262\376\344\132\237\144\336 -\333\041\117\206\231\064\166\066\127\335\320\025\057\305\255\177 -\025\037\067\142\163\076\324\347\137\316\027\003\333\065\372\053 -\333\256\140\011\137\036\137\217\156\273\013\075\352\132\023\036 -\014\140\157\265\300\265\043\042\056\007\013\313\251\164\313\107 -\273\035\301\327\245\153\314\057\322\102\375\111\335\247\211\317 -\123\272\332\000\132\050\277\202\337\370\272\023\035\120\206\202 -\375\216\060\217\051\106\260\036\075\065\332\070\142\026\030\112 -\255\346\266\121\154\336\257\142\353\001\320\036\044\376\172\217 -\022\032\022\150\270\373\146\231\024\024\105\134\256\347\256\151 -\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246 -\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156 -\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255 -\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126 -\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255 -\153\271\012\172\116\117\113\204\356\113\361\175\335\021 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "VeriSign" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (SHA-256): EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44 -# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166 -\140\233\134\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161 -\051\357\127 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - - # # Certificate "Microsoft Root Certificate Authority 2010" # diff --git a/SPECS/distroless-packages/distroless-packages.spec b/SPECS/distroless-packages/distroless-packages.spec index 691ce9d6ae0..bae0d9ff279 100644 --- a/SPECS/distroless-packages/distroless-packages.spec +++ b/SPECS/distroless-packages/distroless-packages.spec @@ -1,7 +1,7 @@ Summary: Metapackage with core sets of packages for distroless containers. Name: distroless-packages Version: 0.1 -Release: 4%{?dist} +Release: 3%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -28,7 +28,6 @@ Requires: %{name}-minimal = %{version}-%{release} Requires: filesystem Requires: glibc-iconv Requires: iana-etc -Requires: libgcc Requires: mariner-release Requires: openssl Requires: openssl-libs @@ -56,9 +55,6 @@ Requires: busybox %files debug %changelog -* Mon Mar 25 2024 Mandeep Plaha - 0.1-4 -- Explicitly add libgcc as a runtime dependency for distroless-base - * Wed Nov 16 2022 Mandeep Plaha - 0.1-3 - Replace prebuilt-ca-certificates-base with prebuilt-ca-certificates in minimal - Add tzdata to minimal diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec index 13546efa534..c7307391618 100644 --- a/SPECS/expat/expat.spec +++ b/SPECS/expat/expat.spec @@ -2,7 +2,7 @@ Summary: An XML parser library Name: expat Version: 2.6.2 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -67,12 +67,11 @@ rm -rf %{buildroot}/%{_docdir}/%{name} %{_libdir}/libexpat.so.1* %changelog +* Thu Mar 28 2024 Aditya Dubey - 2.6.2-2 +- Removed unnecessary "-p2" argument in "%%autosetup". + * Thu Mar 21 2024 Aditya Dubey - 2.6.2-1 - Upgrading to 2.6.2 to fix CVE-2023-52425 and CVE-2023-28757 -- No longer need Patch CVE-2023-52426 since 2.6.2 fixes it - -* Thu Mar 07 2024 Saul Paredes - 2.5.0-2 -- Patch CVE-2023-52426 * Wed Oct 26 2022 CBL-Mariner Servicing Account - 2.5.0-1 - Upgrade to 2.5.0 diff --git a/SPECS/kernel-mshv/kernel-mshv.spec b/SPECS/kernel-mshv/kernel-mshv.spec index 54d391a40a6..a9b97eaeb9f 100644 --- a/SPECS/kernel-mshv/kernel-mshv.spec +++ b/SPECS/kernel-mshv/kernel-mshv.spec @@ -11,7 +11,7 @@ Summary: Mariner kernel that has MSHV Host support Name: kernel-mshv Version: 5.15.126.mshv9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Development/Tools Vendor: Microsoft Corporation @@ -248,6 +248,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg %{_includedir}/perf/perf_dlfilter.h %changelog +* Mon Apr 01 2024 Cameron Baird - 5.15.126.mshv9-3 +- Bump release to match kernel-mshv-signed package + * Mon Nov 20 2023 Rachel Menge - 5.15.126.mshv9-2 - Add cpio as BuildRequires diff --git a/SPECS/libreswan/CVE-2023-38710.patch b/SPECS/libreswan/CVE-2023-38710.patch deleted file mode 100644 index c8e92d7a331..00000000000 --- a/SPECS/libreswan/CVE-2023-38710.patch +++ /dev/null @@ -1,212 +0,0 @@ -diff --show-c-function -Naur a/programs/pluto/ikev2_create_child_sa.c b/programs/pluto/ikev2_create_child_sa.c ---- a/programs/pluto/ikev2_create_child_sa.c 2022-05-24 10:23:22.000000000 -0700 -+++ b/programs/pluto/ikev2_create_child_sa.c 2023-08-28 16:16:12.368307980 -0700 -@@ -175,80 +175,102 @@ static void emancipate_larval_ike_sa(str - release_whack(new_ike->sa.st_logger, HERE); - } - --static struct child_sa *find_v2N_REKEY_SA_child(struct ike_sa *ike, -- struct msg_digest *md) -+/* -+ * Find the Child SA identified by the v2N_REKEY_SA payload. -+ * -+ * FALSE: payload corrupt; caller should respond with the fatal -+ * v2N_INVALID_SYNTAX. -+ * -+ * TRUE, CHILD==NULL: payload ok but no matching Child SA was -+ * found. The v2N_CHILD_SA_NOT_FOUND response already recorded using -+ * information extracted from the rekey notify payload. -+ * -+ * TRUE, CHILD!=NULL: payload ok, matching Child SA found. -+ */ -+ -+static bool find_v2N_REKEY_SA_child(struct ike_sa *ike, -+ struct msg_digest *md, -+ struct child_sa **child) - { -+ *child = NULL; -+ - /* -- * Previously found by the state machine. -+ * Previously decoded and minimially validated by the state -+ * machine using ikev2_notify_desc (i.e., more validation -+ * required). - */ -+ - const struct payload_digest *rekey_sa_payload = md->pd[PD_v2N_REKEY_SA]; - if (rekey_sa_payload == NULL) { - llog_pexpect(ike->sa.st_logger, HERE, - "rekey child can't find its rekey_sa payload"); -- return NULL; -- } --#if 0 -- /* XXX: this would require a separate .pd_next link? */ -- if (rekey_sa_payload->next != NULL) { -- /* will tolerate multiple */ -- log_state(RC_LOG_SERIOUS, &ike->sa, -- "ignoring duplicate v2N_REKEY_SA in exchange"); -+ return false; - } --#endif -+ -+ const struct ikev2_notify *rekey_notify = &rekey_sa_payload->payload.v2n; - - /* -- * find old state to rekey -+ * Check the protocol. -+ * -+ * "ikev2_notify_desc" allows 0, IKE, ESP and AH; reject the -+ * first two. Will also need to check that the protocl -+ * matches that extablished by the Child SA. - */ - -- const struct ikev2_notify *rekey_notify = &rekey_sa_payload->payload.v2n; -+ if (rekey_notify->isan_protoid != PROTO_IPSEC_ESP && -+ rekey_notify->isan_protoid != PROTO_IPSEC_AH) { -+ esb_buf b; -+ llog_sa(RC_LOG, ike, -+ "CREATE_CHILD_SA IPsec SA rekey invalid Protocol ID %s", -+ enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); -+ return false; -+ } -+ -+#ifndef ldbg_sa -+#define ldbg_sa(SA, ...) ldbg((SA)->sa.st_logger, __VA_ARGS__) -+#endif -+ - esb_buf b; -- dbg("CREATE_CHILD_SA IPsec SA rekey Protocol %s", -- enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); -+ ldbg_sa(ike, "CREATE_CHILD_SA IPsec SA rekey Protocol %s", -+ enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); -+ -+ /* -+ * Get the SPI. -+ * -+ * The SPI (and the protoid?) can be used to find the Child SA -+ * to rekey. -+ */ - - if (rekey_notify->isan_spisize != sizeof(ipsec_spi_t)) { -- log_state(RC_LOG, &ike->sa, -- "CREATE_CHILD_SA IPsec SA rekey invalid spi size %u", -- rekey_notify->isan_spisize); -- record_v2N_response(ike->sa.st_logger, ike, md, v2N_INVALID_SYNTAX, -- NULL/*empty data*/, ENCRYPTED_PAYLOAD); -- return NULL; -+ llog_sa(RC_LOG, ike, -+ "CREATE_CHILD_SA IPsec SA rekey invalid spi size %u", -+ rekey_notify->isan_spisize); -+ return false; - } - -- ipsec_spi_t spi = 0; -+#ifndef pbs_in_thing -+#define pbs_in_thing(PBS, THING, NAME) pbs_in_raw(PBS, &(THING), sizeof(THING), NAME) -+#endif -+ -+ ipsec_spi_t spi = 0; /* network ordered */ - struct pbs_in rekey_pbs = rekey_sa_payload->pbs; -- diag_t d = pbs_in_raw(&rekey_pbs, &spi, sizeof(spi), "SPI"); -+ diag_t d = pbs_in_thing(&rekey_pbs, spi, "SPI"); - if (d != NULL) { -+ /* for instance, truncated SPI */ - llog_diag(RC_LOG, ike->sa.st_logger, &d, "%s", ""); -- record_v2N_response(ike->sa.st_logger, ike, md, v2N_INVALID_SYNTAX, -- NULL/*empty data*/, ENCRYPTED_PAYLOAD); -- return NULL; /* cannot happen; XXX: why? */ -+ return false; - } - - if (spi == 0) { -- log_state(RC_LOG, &ike->sa, -- "CREATE_CHILD_SA IPsec SA rekey contains zero SPI"); -- record_v2N_response(ike->sa.st_logger, ike, md, v2N_INVALID_SYNTAX, -- NULL/*empty data*/, ENCRYPTED_PAYLOAD); -- return NULL; -- } -- -- if (rekey_notify->isan_protoid != PROTO_IPSEC_ESP && -- rekey_notify->isan_protoid != PROTO_IPSEC_AH) { -- esb_buf b; -- log_state(RC_LOG, &ike->sa, -- "CREATE_CHILD_SA IPsec SA rekey invalid Protocol ID %s", -- enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); -- record_v2N_spi_response(ike->sa.st_logger, ike, md, -- rekey_notify->isan_protoid, &spi, -- v2N_CHILD_SA_NOT_FOUND, -- NULL/*empty data*/, ENCRYPTED_PAYLOAD); -- return NULL; -+ llog_sa(RC_LOG, ike, -+ "CREATE_CHILD_SA IPsec SA rekey contains zero SPI"); -+ return false; - } - - esb_buf protoesb; -- dbg("CREATE_CHILD_S to rekey IPsec SA(0x%08" PRIx32 ") Protocol %s", -- ntohl((uint32_t) spi), -- enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &protoesb)); -+ ldbg_sa(ike, "CREATE_CHILD_SA to rekey IPsec SA(0x%08" PRIx32 ") Protocol %s", -+ ntohl((uint32_t) spi), -+ enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &protoesb)); - - /* - * From 1.3.3. Rekeying Child SAs with the CREATE_CHILD_SA -@@ -257,29 +279,31 @@ static struct child_sa *find_v2N_REKEY_S - * exchange initiator would expect in inbound ESP or AH - * packets. - * -- * From our POV, that's the outbound SPI. -+ * From our, the responder's POV, that's the outbound SPI. - */ -+ - struct child_sa *replaced_child = find_v2_child_sa_by_outbound_spi(ike, rekey_notify->isan_protoid, spi); - if (replaced_child == NULL) { - esb_buf b; -- log_state(RC_LOG, &ike->sa, -- "CREATE_CHILD_SA no such IPsec SA to rekey SA(0x%08" PRIx32 ") Protocol %s", -- ntohl((uint32_t) spi), -- enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); -+ llog_sa(RC_LOG, ike, -+ "CREATE_CHILD_SA no such IPsec SA to rekey SA(0x%08" PRIx32 ") Protocol %s", -+ ntohl((uint32_t) spi), -+ enum_show(&ikev2_notify_protocol_id_names, rekey_notify->isan_protoid, &b)); - record_v2N_spi_response(ike->sa.st_logger, ike, md, - rekey_notify->isan_protoid, &spi, - v2N_CHILD_SA_NOT_FOUND, - NULL/*empty data*/, ENCRYPTED_PAYLOAD); -- return NULL; -+ return true; - } - - connection_buf cb; -- dbg("#%lu hasa a rekey request for "PRI_CONNECTION" #%lu TSi TSr", -- ike->sa.st_serialno, -- pri_connection(replaced_child->sa.st_connection, &cb), -- replaced_child->sa.st_serialno); -+ ldbg_sa(ike, "#%lu hasa a rekey request for "PRI_CONNECTION" #%lu TSi TSr", -+ ike->sa.st_serialno, -+ pri_connection(replaced_child->sa.st_connection, &cb), -+ replaced_child->sa.st_serialno); - -- return replaced_child; -+ *child = replaced_child; -+ return true; - } - - static bool record_v2_rekey_ike_message(struct ike_sa *ike, -@@ -631,8 +655,13 @@ stf_status process_v2_CREATE_CHILD_SA_re - struct child_sa *larval_child, - struct msg_digest *md) - { -+ struct child_sa *predecessor = NULL; -+ if (!find_v2N_REKEY_SA_child(ike, md, &predecessor)) { -+ record_v2N_response(ike->sa.st_logger, ike, md, v2N_INVALID_SYNTAX, -+ NULL/*empty data*/, ENCRYPTED_PAYLOAD); -+ return STF_FATAL; -+ } - -- struct child_sa *predecessor = find_v2N_REKEY_SA_child(ike, md); - if (predecessor == NULL) { - /* already logged; already recorded */ - return STF_OK; /*IKE*/ diff --git a/SPECS/libreswan/CVE-2023-38711.patch b/SPECS/libreswan/CVE-2023-38711.patch deleted file mode 100644 index 4354a2128af..00000000000 --- a/SPECS/libreswan/CVE-2023-38711.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --show-c-function -Naur a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c ---- a/programs/pluto/ikev1_quick.c 2022-05-24 10:23:22.000000000 -0700 -+++ b/programs/pluto/ikev1_quick.c 2023-08-28 16:14:43.012112514 -0700 -@@ -1918,6 +1918,11 @@ static struct connection *fc_try(const s - const ip_selector *local_client, - const ip_selector *remote_client) - { -+ if (selector_is_unset(local_client) || -+ selector_is_unset(remote_client)) { -+ return NULL; -+ } -+ - struct connection *best = NULL; - policy_prio_t best_prio = BOTTOM_PRIO; - const bool remote_is_host = selector_eq_address(*remote_client, -@@ -2101,6 +2106,11 @@ static struct connection *fc_try_oppo(co - const ip_selector *local_client, - const ip_selector *remote_client) - { -+ if (selector_is_unset(local_client) || -+ selector_is_unset(remote_client)) { -+ return NULL; -+ } -+ - struct connection *best = NULL; - policy_prio_t best_prio = BOTTOM_PRIO; - -@@ -2222,6 +2232,16 @@ struct connection *find_v1_client_connec - str_selectors(local_client, remote_client, &sb)); - } - -+ if (selector_is_unset(local_client)) { -+ dbg("peer's local client is not set"); -+ return NULL; -+ } -+ -+ if (selector_is_unset(remote_client)) { -+ dbg("peer's remote client is not set"); -+ return NULL; -+ } -+ - /* - * Give priority to current connection - * but even greater priority to a routed concrete connection. diff --git a/SPECS/libreswan/CVE-2023-38712.patch b/SPECS/libreswan/CVE-2023-38712.patch deleted file mode 100644 index b225d933b7b..00000000000 --- a/SPECS/libreswan/CVE-2023-38712.patch +++ /dev/null @@ -1,212 +0,0 @@ -diff --show-c-function -Naur a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c ---- a/programs/pluto/ikev1.c 2022-05-24 10:23:22.000000000 -0700 -+++ b/programs/pluto/ikev1.c 2023-08-28 16:03:33.198560283 -0700 -@@ -1748,7 +1748,6 @@ void process_packet_tail(struct msg_dige - const struct state_v1_microcode *smc = md->smc; - enum state_kind from_state = smc->state; - bool new_iv_set = md->new_iv_set; -- bool self_delete = false; - - if (md->hdr.isa_flags & ISAKMP_FLAGS_v1_ENCRYPTION) { - -@@ -2223,38 +2222,40 @@ void process_packet_tail(struct msg_dige - } - } - -+ pexpect(st == md->v1_st); /* could be NULL */ -+ - for (struct payload_digest *p = md->chain[ISAKMP_NEXT_D]; - p != NULL; p = p->next) { -- self_delete |= accept_delete(md, p); -- if (DBGP(DBG_BASE)) { -- DBG_dump("del:", p->pbs.cur, -- pbs_left(&p->pbs)); -+ if (!accept_delete(&st, md, p)) { -+ ldbg(md->md_logger, "bailing with bad delete message"); -+ return; - } -- if (md->v1_st != st) { -- pexpect(md->v1_st == NULL); -- dbg("zapping ST as accept_delete() zapped MD.ST"); -- st = md->v1_st; -+ if (st == NULL) { -+ ldbg(md->md_logger, "bailing due to self-inflicted delete"); -+ return; - } - } - -+ pexpect(st == md->v1_st); /* could be NULL */ -+ - for (struct payload_digest *p = md->chain[ISAKMP_NEXT_VID]; - p != NULL; p = p->next) { - handle_v1_vendorid(md, pbs_in_left_as_shunk(&p->pbs), - (st != NULL ? st->st_logger : md->md_logger)); - } - -- if (self_delete) { -- accept_self_delete(md); -- st = md->v1_st; -- /* note: st ought to be NULL from here on */ -- } -+ pexpect(st == md->v1_st); /* could be NULL */ - -- pexpect(st == md->v1_st); -- statetime_t start = statetime_start(md->v1_st); - /* -- * XXX: danger - the .informational() processor deletes ST; -- * and then tunnels this loss through MD.ST. -+ * XXX: Danger. -+ * -+ * ++ the .informational() processor deletes ST; and then -+ * tries to tunnel this loss back through MD.ST. -+ * -+ * ++ the .aggressive() processor replaces .V1_ST with the IKE -+ * SA? - */ -+ statetime_t start = statetime_start(st); - stf_status e = smc->processor(st, md); - complete_v1_state_transition(md->v1_st, md, e); - statetime_stop(&start, "%s()", __func__); -diff --show-c-function -Naur a/programs/pluto/ikev1_main.c b/programs/pluto/ikev1_main.c ---- a/programs/pluto/ikev1_main.c 2022-05-24 10:23:22.000000000 -0700 -+++ b/programs/pluto/ikev1_main.c 2023-08-28 16:03:33.198560283 -0700 -@@ -1984,19 +1984,25 @@ void send_v1_delete(struct state *st) - * @param md Message Digest - * @param p Payload digest - * -- * returns TRUE to indicate st needs to be deleted. -- * We dare not do that ourselves because st is still in use. -- * accept_self_delete must be called to do this -- * at a more appropriate time. -+ * DANGER: this may stomp on *SDP and md->v1_st. -+ * -+ * Returns FALSE when the payload is crud. - */ --bool accept_delete(struct msg_digest *md, -- struct payload_digest *p) -+bool accept_delete(struct state **stp, -+ struct msg_digest *md, -+ struct payload_digest *p) - { -- struct state *st = md->v1_st; -+ struct state *st = *stp; - struct isakmp_delete *d = &(p->payload.delete); - size_t sizespi; - int i; -- bool self_delete = false; -+ -+ /* Need state for things to be encrypted */ -+ if (st == NULL) { -+ llog(RC_LOG_SERIOUS, md->md_logger, -+ "ignoring Delete SA with no matching state"); -+ return false; -+ } - - /* We only listen to encrypted notifications */ - if (!md->encrypted) { -@@ -2031,7 +2037,7 @@ bool accept_delete(struct msg_digest *md - - case PROTO_IPCOMP: - /* nothing interesting to delete */ -- return false; -+ return true; - - default: - { -@@ -2090,21 +2096,20 @@ bool accept_delete(struct msg_digest *md - * identities - */ - log_state(RC_LOG_SERIOUS, st, "ignoring Delete SA payload: ISAKMP SA used to convey Delete has different IDs from ISAKMP SA it deletes"); -- } else if (dst == st) { -- /* -- * remember this for later: -- * we need st to do any remaining deletes -- */ -- self_delete = true; - } else { - /* note: this code is cloned for handling self_delete */ -- log_state(RC_LOG_SERIOUS, st, "received Delete SA payload: deleting ISAKMP State #%lu", -+ log_state(RC_LOG_SERIOUS, st, "received Delete SA payload: %sdeleting ISAKMP State #%lu", -+ (dst == st ? "self-" : ""), - dst->st_serialno); - if (nat_traversal_enabled && dst->st_connection->ikev1_natt != NATT_NONE) { - nat_traversal_change_port_lookup(md, dst); - v1_maybe_natify_initiator_endpoints(st, HERE); -- } -+ } - delete_state(dst); -+ if (dst == st) { -+ *stp = dst = st = md->v1_st = NULL; -+ return true; -+ } - } - } else { - /* -@@ -2163,12 +2168,15 @@ bool accept_delete(struct msg_digest *md - event_force(EVENT_SA_REPLACE, dst); - } else { - log_state(RC_LOG_SERIOUS, st, -- "received Delete SA(0x%08" PRIx32 ") payload: deleting IPsec State #%lu", -+ "received Delete SA(0x%08" PRIx32 ") payload: %sdeleting IPsec State #%lu", - ntohl(spi), -+ (st == dst ? "self-" : ""), - dst->st_serialno); - delete_state(dst); -- if (md->v1_st == dst) -- md->v1_st = NULL; -+ if (md->v1_st == dst) { -+ *stp = dst = md->v1_st = NULL; -+ return true; -+ } - } - - if (rc->newest_ipsec_sa == SOS_NOBODY) { -@@ -2188,29 +2196,15 @@ bool accept_delete(struct msg_digest *md - * states tied to the - * connection? - */ -+ dbg("%s() self-inflicted delete of ISAKMP", __func__); - delete_states_by_connection(&rc); -- md->v1_st = NULL; -+ *stp = st = dst = md->v1_st = NULL; -+ return true; - } - } - } - } - } - -- return self_delete; --} -- --/* now it is safe to delete our sponsor */ --void accept_self_delete(struct msg_digest *md) --{ -- struct state *st = md->v1_st; -- -- /* note: this code is cloned from handling ISAKMP non-self_delete */ -- log_state(RC_LOG_SERIOUS, st, "received Delete SA payload: self-deleting ISAKMP State #%lu", -- st->st_serialno); -- if (nat_traversal_enabled && st->st_connection->ikev1_natt != NATT_NONE) { -- nat_traversal_change_port_lookup(md, st); -- v1_maybe_natify_initiator_endpoints(st, HERE); -- } -- delete_state(st); -- md->v1_st = st = NULL; -+ return true; - } -diff --show-c-function -Naur a/programs/pluto/ipsec_doi.h b/programs/pluto/ipsec_doi.h ---- a/programs/pluto/ipsec_doi.h 2022-05-24 10:23:22.000000000 -0700 -+++ b/programs/pluto/ipsec_doi.h 2023-08-28 16:03:33.198560283 -0700 -@@ -31,9 +31,9 @@ extern void ipsecdoi_replace(struct stat - - extern void init_phase2_iv(struct state *st, const msgid_t *msgid); - --extern bool accept_delete(struct msg_digest *md, -+extern bool accept_delete(struct state **st, -+ struct msg_digest *md, - struct payload_digest *p); --extern void accept_self_delete(struct msg_digest *md); - - extern stf_status send_isakmp_notification(struct state *st, - uint16_t type, const void *data, diff --git a/SPECS/libreswan/libreswan.signatures.json b/SPECS/libreswan/libreswan.signatures.json index 8c228bdde7c..b22c3e8936b 100644 --- a/SPECS/libreswan/libreswan.signatures.json +++ b/SPECS/libreswan/libreswan.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "libreswan-4.7.tar.gz": "ddd6337b3900063d870301c3d9f61f56107c765850fb00a163d360359ff3fc44", + "libreswan-4.14.tar.gz": "b986c04e35da6ddbd135daf67f8c2a350ea7afc89ec57c6ca8823a9776329ccc", "ikev1_dsa.fax.bz2": "030c7ac59422c2c36ed332efca925b18dd842da138619daab65c15663c687086", "ikev1_psk.fax.bz2": "4698f0d8e653e20f279dd54aa1a270aadcc3e99da9e3a91852af12a644cc3531", "ikev2.fax.bz2": "36f356538cdcab6a1712425ad386f32834f0dc333acbc4cc642db0f910be1d21" diff --git a/SPECS/libreswan/libreswan.spec b/SPECS/libreswan/libreswan.spec index 8c2143658de..0eb8a37077e 100644 --- a/SPECS/libreswan/libreswan.spec +++ b/SPECS/libreswan/libreswan.spec @@ -11,6 +11,7 @@ INITSYSTEM=systemd \\\ PYTHON_BINARY=%{__python3} \\\ SHELL_BINARY=%{_bindir}/sh \\\ + DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" \\\ USE_DNSSEC=true \\\ USE_LABELED_IPSEC=true \\\ USE_LDAP=true \\\ @@ -25,8 +26,8 @@ Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec Name: libreswan -Version: 4.7 -Release: 5%{?dist} +Version: 4.14 +Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -36,9 +37,6 @@ Source0: https://github.com/libreswan/libreswan/archive/refs/tags/v%{vers Source3: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 Source4: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2 -Patch0: CVE-2023-38710.patch -Patch1: CVE-2023-38711.patch -Patch2: CVE-2023-38712.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -196,6 +194,9 @@ certutil -N -d sql:$tmpdir --empty-password %doc %{_mandir}/*/* %changelog +* Mon Apr 01 2024 Rohit Rawat - 4.14-1 +- Upgrade to 4.14 to fix CVE-2024-2357 + * Mon Aug 28 2023 Henry Beberman - 4.7-5 - Backport patches for CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index dd930d87f2f..8f007f027e8 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates-base # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 15%{?dist} +Release: 16%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Fri Mar 29 2024 CBL-Mariner Servicing Account - 2.0.0-16 +- Making 'Release' match with 'ca-certificates' + * Fri Jan 26 2024 CBL-Mariner Servicing Account - 2.0.0-15 - Making 'Release' match with 'ca-certificates' diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index 4781064f949..efd866fd6b2 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 15%{?dist} +Release: 16%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -49,6 +49,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Fri Mar 29 2024 CBL-Mariner Servicing Account - 2.0.0-16 +- Making 'Release' match with 'ca-certificates' + * Fri Jan 26 2024 CBL-Mariner Servicing Account - 2.0.0-15 - Making 'Release' match with 'ca-certificates' diff --git a/cgmanifest.json b/cgmanifest.json index 7f5c9623b0a..323cd564247 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10781,8 +10781,8 @@ "type": "other", "other": { "name": "libreswan", - "version": "4.7", - "downloadUrl": "https://github.com/libreswan/libreswan/archive/refs/tags/v4.7.tar.gz" + "version": "4.14", + "downloadUrl": "https://github.com/libreswan/libreswan/archive/refs/tags/v4.14.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 0a3e522a7a6..1a5f73f4ac6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -95,9 +95,9 @@ elfutils-libelf-0.186-2.cm2.aarch64.rpm elfutils-libelf-devel-0.186-2.cm2.aarch64.rpm elfutils-libelf-devel-static-0.186-2.cm2.aarch64.rpm elfutils-libelf-lang-0.186-2.cm2.aarch64.rpm -expat-2.6.2-1.cm2.aarch64.rpm -expat-devel-2.6.2-1.cm2.aarch64.rpm -expat-libs-2.6.2-1.cm2.aarch64.rpm +expat-2.6.2-2.cm2.aarch64.rpm +expat-devel-2.6.2-2.cm2.aarch64.rpm +expat-libs-2.6.2-2.cm2.aarch64.rpm libpipeline-1.5.5-3.cm2.aarch64.rpm libpipeline-devel-1.5.5-3.cm2.aarch64.rpm gdbm-1.21-1.cm2.aarch64.rpm @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.aarch64.rpm libtasn1-4.19.0-1.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-trust-0.24.1-1.cm2.aarch64.rpm -ca-certificates-shared-2.0.0-15.cm2.noarch.rpm -ca-certificates-tools-2.0.0-15.cm2.noarch.rpm -ca-certificates-base-2.0.0-15.cm2.noarch.rpm -ca-certificates-2.0.0-15.cm2.noarch.rpm +ca-certificates-shared-2.0.0-16.cm2.noarch.rpm +ca-certificates-tools-2.0.0-16.cm2.noarch.rpm +ca-certificates-base-2.0.0-16.cm2.noarch.rpm +ca-certificates-2.0.0-16.cm2.noarch.rpm dwz-0.14-2.cm2.aarch64.rpm unzip-6.0-20.cm2.aarch64.rpm python3-3.9.19-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 79f19e9a399..706862e168b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -95,9 +95,9 @@ elfutils-libelf-0.186-2.cm2.x86_64.rpm elfutils-libelf-devel-0.186-2.cm2.x86_64.rpm elfutils-libelf-devel-static-0.186-2.cm2.x86_64.rpm elfutils-libelf-lang-0.186-2.cm2.x86_64.rpm -expat-2.6.2-1.cm2.x86_64.rpm -expat-devel-2.6.2-1.cm2.x86_64.rpm -expat-libs-2.6.2-1.cm2.x86_64.rpm +expat-2.6.2-2.cm2.x86_64.rpm +expat-devel-2.6.2-2.cm2.x86_64.rpm +expat-libs-2.6.2-2.cm2.x86_64.rpm libpipeline-1.5.5-3.cm2.x86_64.rpm libpipeline-devel-1.5.5-3.cm2.x86_64.rpm gdbm-1.21-1.cm2.x86_64.rpm @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.x86_64.rpm libtasn1-4.19.0-1.cm2.x86_64.rpm p11-kit-0.24.1-1.cm2.x86_64.rpm p11-kit-trust-0.24.1-1.cm2.x86_64.rpm -ca-certificates-shared-2.0.0-15.cm2.noarch.rpm -ca-certificates-tools-2.0.0-15.cm2.noarch.rpm -ca-certificates-base-2.0.0-15.cm2.noarch.rpm -ca-certificates-2.0.0-15.cm2.noarch.rpm +ca-certificates-shared-2.0.0-16.cm2.noarch.rpm +ca-certificates-tools-2.0.0-16.cm2.noarch.rpm +ca-certificates-base-2.0.0-16.cm2.noarch.rpm +ca-certificates-2.0.0-16.cm2.noarch.rpm dwz-0.14-2.cm2.x86_64.rpm unzip-6.0-20.cm2.x86_64.rpm python3-3.9.19-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 46abb64c7cf..7847ebcbeec 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -18,11 +18,11 @@ bzip2-1.0.8-1.cm2.aarch64.rpm bzip2-debuginfo-1.0.8-1.cm2.aarch64.rpm bzip2-devel-1.0.8-1.cm2.aarch64.rpm bzip2-libs-1.0.8-1.cm2.aarch64.rpm -ca-certificates-2.0.0-15.cm2.noarch.rpm -ca-certificates-base-2.0.0-15.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-15.cm2.noarch.rpm -ca-certificates-shared-2.0.0-15.cm2.noarch.rpm -ca-certificates-tools-2.0.0-15.cm2.noarch.rpm +ca-certificates-2.0.0-16.cm2.noarch.rpm +ca-certificates-base-2.0.0-16.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-16.cm2.noarch.rpm +ca-certificates-shared-2.0.0-16.cm2.noarch.rpm +ca-certificates-tools-2.0.0-16.cm2.noarch.rpm ccache-4.8-1.cm2.aarch64.rpm ccache-debuginfo-4.8-1.cm2.aarch64.rpm check-0.15.2-1.cm2.aarch64.rpm @@ -73,10 +73,10 @@ elfutils-libelf-0.186-2.cm2.aarch64.rpm elfutils-libelf-devel-0.186-2.cm2.aarch64.rpm elfutils-libelf-devel-static-0.186-2.cm2.aarch64.rpm elfutils-libelf-lang-0.186-2.cm2.aarch64.rpm -expat-2.6.2-1.cm2.aarch64.rpm -expat-debuginfo-2.6.2-1.cm2.aarch64.rpm -expat-devel-2.6.2-1.cm2.aarch64.rpm -expat-libs-2.6.2-1.cm2.aarch64.rpm +expat-2.6.2-2.cm2.aarch64.rpm +expat-debuginfo-2.6.2-2.cm2.aarch64.rpm +expat-devel-2.6.2-2.cm2.aarch64.rpm +expat-libs-2.6.2-2.cm2.aarch64.rpm file-5.40-2.cm2.aarch64.rpm file-debuginfo-5.40-2.cm2.aarch64.rpm file-devel-5.40-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index fa597719c7a..891050c69b3 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -19,11 +19,11 @@ bzip2-1.0.8-1.cm2.x86_64.rpm bzip2-debuginfo-1.0.8-1.cm2.x86_64.rpm bzip2-devel-1.0.8-1.cm2.x86_64.rpm bzip2-libs-1.0.8-1.cm2.x86_64.rpm -ca-certificates-2.0.0-15.cm2.noarch.rpm -ca-certificates-base-2.0.0-15.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-15.cm2.noarch.rpm -ca-certificates-shared-2.0.0-15.cm2.noarch.rpm -ca-certificates-tools-2.0.0-15.cm2.noarch.rpm +ca-certificates-2.0.0-16.cm2.noarch.rpm +ca-certificates-base-2.0.0-16.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-16.cm2.noarch.rpm +ca-certificates-shared-2.0.0-16.cm2.noarch.rpm +ca-certificates-tools-2.0.0-16.cm2.noarch.rpm ccache-4.8-1.cm2.x86_64.rpm ccache-debuginfo-4.8-1.cm2.x86_64.rpm check-0.15.2-1.cm2.x86_64.rpm @@ -76,10 +76,10 @@ elfutils-libelf-0.186-2.cm2.x86_64.rpm elfutils-libelf-devel-0.186-2.cm2.x86_64.rpm elfutils-libelf-devel-static-0.186-2.cm2.x86_64.rpm elfutils-libelf-lang-0.186-2.cm2.x86_64.rpm -expat-2.6.2-1.cm2.x86_64.rpm -expat-debuginfo-2.6.2-1.cm2.x86_64.rpm -expat-devel-2.6.2-1.cm2.x86_64.rpm -expat-libs-2.6.2-1.cm2.x86_64.rpm +expat-2.6.2-2.cm2.x86_64.rpm +expat-debuginfo-2.6.2-2.cm2.x86_64.rpm +expat-devel-2.6.2-2.cm2.x86_64.rpm +expat-libs-2.6.2-2.cm2.x86_64.rpm file-5.40-2.cm2.x86_64.rpm file-debuginfo-5.40-2.cm2.x86_64.rpm file-devel-5.40-2.cm2.x86_64.rpm