./security/mozilla-rootcerts, Root CA certificates from the Mozilla Project

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.0.20191207, Package name: mozilla-rootcerts-1.0.20191207, Maintainer: pkgsrc-users

This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates. The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".


Required to build:
[pkgtools/cwrappers]

Master sites:


Version history: (Expand)


CVS history: (Expand)


   2019-12-07 19:29:31 by Sevan Janiyan | Files touched by this commit (4) | Package updated
Log message:
Update to the latest certdata.txt version available in Mozilla repo.
   2019-05-12 21:19:27 by Maya Rashish | Files touched by this commit (4) | Package updated
Log message:
mozilla-rootcerts*: update to the latest certdata.txt commit.
Let's call this 20190306, as that's the date of the commit.

Most notably, this adds support for Let's Encrypt
(ISRG Root X1).

Changes:
+# Certificate "Certigna Root CA"
+# Certificate "GTS Root R1"
+# Certificate "GTS Root R2"
+# Certificate "GTS Root R3"
+# Certificate "GTS Root R4"
+# Certificate "GlobalSign Root CA - R6"
+# Certificate "Hongkong Post Root CA 3"
+# Certificate "ISRG Root X1"
+# Certificate "OISTE WISeKey Global Root GC CA"
+# Certificate "UCA Extended Validation Root"
+# Certificate "UCA Global G2 Root"
+# Certificate "emSign ECC Root CA - C3"
+# Certificate "emSign ECC Root CA - G3"
+# Certificate "emSign Root CA - C1"
+# Certificate "emSign Root CA - G1"
-# Certificate "AC Raiz Certicamara S.A."
-# Certificate "Certplus Root CA G1"
-# Certificate "Certplus Root CA G2"
-# Certificate "ComSign CA"
-# Certificate "ISRG Root X1"
-# Certificate "OpenTrust Root CA G1"
-# Certificate "OpenTrust Root CA G2"
-# Certificate "OpenTrust Root CA G3"
-# Certificate "S-TRUST Universal Root CA"
-# Certificate "TC TrustCenter Class 3 CA II"
-# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
-# Certificate "Visa eCommerce Root"
   2018-03-04 02:42:31 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 1.0.20180111

* Based on NSS 3.35 beta 1
   2017-07-06 02:58:35 by Greg Troxel | Files touched by this commit (2)
Log message:
Regularize path subsitution and use PREFIX

Use PREFIX rather than LOCALBASE.  What matters is where this packages
prefix is, not anything else.

Substitute all paths the same way, assigning to sh variables in one
place, alphabetically, and then using them.  Sort list of substituted
variables alphabetically also, so it's easier to review the code.

No functional change for any reasonable configuration.

Based on a suggestion by J. Lewis Muir on pkgsrc-users.
   2017-06-22 02:30:10 by Greg Troxel | Files touched by this commit (1)
Log message:
Add comment about multiple install locations

This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.
   2017-06-19 02:39:53 by Greg Troxel | Files touched by this commit (1)
Log message:
Adjust comments around ca-certificates.crt

(Ride earlier PKGREVISION.)
   2017-06-19 02:37:48 by Greg Troxel | Files touched by this commit (2)
Log message:
Revert touching of openssl config file

Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present.  This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it.  If the warning is buggy, then openssl and/or the base
system should be fixed.  Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.

(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
   2017-06-19 02:32:38 by Greg Troxel | Files touched by this commit (2)
Log message:
Rationalize directory handling around ca-certificates.crt

Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.