Skip to content
Snippets Groups Projects
Commit 914471a5 authored by Natanael Copa's avatar Natanael Copa
Browse files

merge: mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions 

Apply the [upstream patch][0] to restore certificates that are going to
be removed in the future, but should still be available to verify
existing certificates.

Note that the CKA_NSS_SERVER_DISTRUST_AFTER cannot be encoded in the
generated certificate bundle, so that means newly generated certificates
will be trusted as well. This is a trade-off between breaking existing
certificates versus not trusting newly generated certificates.

With this change, the following root certificates would be restored:

- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC
- GLOBALTRUST 2020

[0]:https://github.com/curl/curl/commit/448df98d9280b3290ecf63e5fc9452d487f41a7c.patch

Fixes #6

Closes #6

See merge request !16
parents 35fc7508 86c088ff
No related branches found
No related tags found
1 merge request!16mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
Pipeline #288666 passed
Stage: verify
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment