./security/ca-certificates, Root CA certificates from the Mozilla Project

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20211016nb4, Package name: ca-certificates-20211016nb4, Maintainer: pkgsrc-users

This package contains the update-ca-certificates(8) tool maintained by
the Debian Project (in the ca-certificates package they distribute) to
manage the set of configured trust anchors for openssl.

The ca-certificates framework enables the sysadmin to configure the
certificates to install, using multiple sources of CA certificates, for
example to include local CAs. See update-ca-certificates(8) for details.

This package also contains the certificate authorities shipped with
Mozilla's browser to allow SSL-based applications to check for the
authenticity of SSL connections.

Please note that Debian, NetBSD, and pkgsrc can neither confirm nor deny
whether the certificate authorities whose certificates are included in
this package have in any way been audited for trustworthiness or RFC
3647 compliance. Full responsibility to assess them belongs to the
local system administrator.

See also the mozilla-rootcerts and mozilla-rootcerts-openssl packages
for alternative approaches to installing CA certificates.


Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers] [lang/python37]

Master sites:

Filesize: 233.992 KB

Version history: (Expand)


CVS history: (Expand)


   2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26)
Log message:
fighting a losing battle against py-cryptography rustification, part 2

Switch users to versioned_dependencies.mk.
   2022-07-17 04:58:32 by Tobias Nygren | Files touched by this commit (3)
Log message:
ca-certificates: try to mend py-cryptography fallout
   2022-07-09 11:38:57 by Thomas Klausner | Files touched by this commit (1)
Log message:
ca-certificates: this does not support python 2
   2022-06-12 09:05:30 by Kimmo Suominen | Files touched by this commit (7)
Log message:
security/ca-certificates: Add configurability for certificate store

- The location of the system certificate store can now be set using
  a new configuration file (ca-certificates-dir.conf).

- Installing the certificates to the system certificate store must
  be enabled by the administrator.
   2022-06-10 15:14:10 by Greg Troxel | Files touched by this commit (1)
Log message:
security/ca-certificates: Clarify and adjust language

Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).

Note that modification outside of the package's files is either to
base or to pkgsrc openssl.

Clarify that there's a supported way to exclude particular certs as
trust anchors.
   2022-04-21 13:00:02 by Thomas Klausner | Files touched by this commit (18)
Log message:
*: convert to versioned_dependencies for py-cryptography
   2022-02-28 07:46:52 by Kimmo Suominen | Files touched by this commit (3)
Log message:
security/ca-certificates: Fix mktemp usage
   2022-02-28 06:48:44 by Kimmo Suominen | Files touched by this commit (3)
Log message:
security/ca-certificates: Update to 20211016

ca-certificates (20211016) unstable; urgency=low

  [ Michael Shuler ]
  * Fix error on install when TEMPBUNDLE missing. Closes: #996005

 -- Julien Cristau <jcristau@debian.org>  Sat, 16 Oct 2021 18:09:43 +0200

ca-certificates (20211004) unstable; urgency=low

  [ Debian Janitor ]
  * Fix day-of-week for changelog entry 20090624.

  [ Julien Cristau ]
  * Create temporary ca-certificates.crt on the same file system.
    Closes: #923784
  * Don't remove ca-certificates.crt before updating it, so it doesn't
    go missing for a short while (closes: #920348).  Thanks, Dimitris
    Aragiorgis!
  * Bump package priority from optional to standard.
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.50
    The following certificate authorities were added (+):
    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    + "GlobalSign Root R46"
    + "GlobalSign Root E46"
    + "GLOBALTRUST 2020"
    + "ANF Secure Server Root CA"
    + "Certum EC-384 CA"
    + "Certum Trusted Root CA"
    The following certificate authorities were removed (-):
    - "QuoVadis Root CA"
    - "Sonera Class 2 Root CA"
    - "GeoTrust Primary Certification Authority - G2"
    - "VeriSign Universal Root Certification Authority"
    - "Chambers of Commerce Root - 2008"
    - "Global Chambersign Root - 2008"
    - "Trustis FPS Root CA"
    - "Staat der Nederlanden Root CA - G3"
  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
  * mozilla/certdata2pem.py: print a warning for expired certificates.

 -- Julien Cristau <jcristau@debian.org>  Thu, 07 Oct 2021 17:12:47 +0200

ca-certificates (20210119) unstable; urgency=medium

  [ Julien Cristau ]
  * New maintainer (closes: #976406)
  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
    bundle to version 2.46.
    The following certificate authorities were added (+):
    + "certSIGN ROOT CA G2"
    + "e-Szigno Root CA 2017"
    + "Microsoft ECC Root Certificate Authority 2017"
    + "Microsoft RSA Root Certificate Authority 2017"
    + "NAVER Global Root Certification Authority"
    + "Trustwave Global Certification Authority"
    + "Trustwave Global ECC P256 Certification Authority"
    + "Trustwave Global ECC P384 Certification Authority"
    The following certificate authorities were removed (-):
    - "EE Certification Centre Root CA"
    - "GeoTrust Universal CA 2"
    - "LuxTrust Global Root 2"
    - "OISTE WISeKey Global Root GA CA"
    - "Staat der Nederlanden Root CA - G2" (closes: #962079)
    - "Taiwan GRCA"
    - "Verisign Class 3 Public Primary Certification Authority - G3"

  [ Michael Shuler ]
  * mozilla/blacklist:
    Revert Symantec CA blacklist (#911289). Closes: #962596
    The following root certificates were added back (+):
    + "GeoTrust Primary Certification Authority - G2"
    + "VeriSign Universal Root Certification Authority"

  [ Gianfranco Costamagna ]
  * debian/{rules,control}:
    Merge Ubuntu patch from Matthias Klose to use Python3 during build.
    Closes: #942915

 -- Julien Cristau <jcristau@debian.org>  Tue, 19 Jan 2021 11:11:04 +0100