diff options
| author | sthen <> | 2016-02-17 13:06:54 +0000 |
|---|---|---|
| committer | sthen <> | 2016-02-17 13:06:54 +0000 |
| commit | 7c29ec3c8321ebd24bd96ec1df1ded888768b275 (patch) | |
| tree | c4ddb131a3e7f0aa67f2e10ab29211922b35e86b /src/lib/libssl/d1_clnt.c | |
| parent | 208f3180dd0afc800e46028ff567226eb4efd4c7 (diff) | |
| download | openbsd-7c29ec3c8321ebd24bd96ec1df1ded888768b275.tar.gz openbsd-7c29ec3c8321ebd24bd96ec1df1ded888768b275.tar.bz2 openbsd-7c29ec3c8321ebd24bd96ec1df1ded888768b275.zip | |
Sync some root certificates with Mozilla's cert store. ok bcook@
- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).
- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).
- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)
We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
0 files changed, 0 insertions, 0 deletions