openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	New CA root certificates, ok beck@.	sthen	2012-12-03	1	-99/+1705
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	- additional cert's from GlobalSign. - additional cert's from VeriSign and replace existing ones with 'Signature Algorithm: md2WithRSAEncryption' with their currently distributed sha1WithRSAEncryption versions. - new CAs: AddTrust (root for most Comodo certificates also heavily used in academic networks), Comodo (most of their certs are rooted in AddTrust but TERENA use the Comodo AAA Certificate Services root for some things so add that separately), UserTrust Network/UTN (part of Comodo) and Starfield (part of Go Daddy).
*	Additional CA root certificates: GeoTrust/Equifax, Go Daddy, StartCom, thawte.	sthen	2012-12-01	1	-0/+1187
\| \| \| \|	ok beck@ william@ todd@
*	Regenerate the text information for all certificates with recent openssl	sthen	2012-11-30	1	-439/+465
\| \| \| \| \| \|	and include sha1 signatures for all certs (some were missing). No certificate changes, this is just for consistency. ok beck@
*	Remove retired Thawte/Verisign certificates.	sthen	2012-11-30	1	-499/+0
\| \| \| \| \| \|	Remove intermediate GoDaddy certificate, this file should just contain roots. ok beck@ phessler@
*	- Replace digicert 2nd-level cert with the root which issued it.	sthen	2011-07-20	1	-114/+247
\| \| \| \| \| \| \| \| \| \| \|	Allows https checkouts from github to work. - Add digicert's other root certs. Fingerprints carefully checked against those in the built-in roots supplied with Mozilla. ok dcoppa@ jcs@
*	Add the following certs:	dhill	2011-06-15	1	-0/+563
\| \| \| \| \| \| \| \| \| \| \| \|	DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority/serialNumber=07969287 Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority ok mikeb@ beck@ fgsch@ constant prodding by marco@
*	back out previous commit.	beck	2011-03-25	1	-665/+0
\| \| \| \| \| \| \| \| \| \| \|	"if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to. I am absolutely not ok with thig going in with only my ok. There's a reason why we want more than one ok on important commits ok deraadt@ for the backout
*	Add the following certs:	dhill	2011-03-25	1	-0/+665
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority COMODO High-Assurance Secure Server CA Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority cross checked with mozilla ok beck@
*	Remove expired certs.	dhill	2011-03-03	1	-174/+0
\| \| \| \|	ok beck@ fgsch@
*	new ipsca root.	dlg	2009-12-31	1	-0/+108
\|
*	ipsca has expired	dlg	2009-12-31	1	-51/+0
\|
*	another cert that makes godaddy.com and launchpad.net (among others) happy.	fgsch	2009-10-12	1	-0/+51
\| \| \| \| \|	found by Guillaume Protet (guillaume dot protet at mortheres dot info) while testing bzr update. deraadt@ ok
*	remove expired certificates and add startcom ltd.	fgsch	2009-08-08	1	-839/+148
\| \| \| \|	beck@ ok
*	add ipsCA as a valid authority.	dlg	2009-05-25	1	-0/+51
\| \| \| \|	ok beck@
*	remove two expired certificates, diff from <Christian_Rusch@genua.de>	grunk	2007-02-17	1	-97/+0
\| \| \| \|	ok jakob@
*	add class 1 and class 3 root certificates from CAcert.org. ok beck@	jakob	2006-06-12	1	-0/+268
\|
*	remove expired certificates. ok beck@	jakob	2006-06-07	1	-541/+0
\|
*	update a couple of existing CAs that has been changed. ok beck@	jakob	2006-06-07	1	-105/+87
\|
*	reformat using 'openssl x509 -text -fingerprint -sha1' and sort by	jakob	2006-06-07	1	-2551/+2356
\| \| \| \|	'openssl x509 -hash'. ok beck@
*	back out last patch due to updated committed prematurely	jakob	2006-06-07	1	-2356/+2551
\|
*	reformat using 'openssl x509 -text -fingerprint -sha1' and sort by	jakob	2006-06-07	1	-2551/+2356
\| \| \| \|	'openssl x509 -hash'. ok beck@
*	Add a reasonably sane CA bundle to /etc/ssl/cert.pem, the default	beck	2005-04-01	1	-0/+3307
	location for libssl, this makes lynx not bitch when seeing sites with certificates signed by these issuers. We should probably think carefully about adding a few more in here too.