| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.
ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
|
| |
|
|
|
|
| |
Notably this removes CAcert who it turns out have strict requirements on
redistribution (http://www.cacert.org/policy/RootDistributionLicense.php)
which we don't meet.
|
| |
|
|
|
|
|
|
|
| |
- Baltimore CyberTrust Root
- Deutsche Telekom Root CA 2
- T-TeleSec GlobalRoot Class 2
- T-TeleSec GlobalRoot Class 3
ok sthen@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- additional cert's from GlobalSign.
- additional cert's from VeriSign and replace existing ones with
'Signature Algorithm: md2WithRSAEncryption' with their currently
distributed sha1WithRSAEncryption versions.
- new CAs: AddTrust (root for most Comodo certificates also heavily
used in academic networks), Comodo (most of their certs are rooted in
AddTrust but TERENA use the Comodo AAA Certificate Services root
for some things so add that separately), UserTrust Network/UTN
(part of Comodo) and Starfield (part of Go Daddy).
|
| |
|
|
| |
ok beck@ william@ todd@
|
| |
|
|
|
|
| |
and include sha1 signatures for all certs (some were missing).
No certificate changes, this is just for consistency. ok beck@
|
| |
|
|
|
|
| |
Remove intermediate GoDaddy certificate, this file should just contain roots.
ok beck@ phessler@
|
| |
|
|
|
|
|
|
|
|
|
| |
Allows https checkouts from github to work.
- Add digicert's other root certs.
Fingerprints carefully checked against those in the built-in roots
supplied with Mozilla.
ok dcoppa@ jcs@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority/serialNumber=07969287
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
ok mikeb@ beck@ fgsch@
constant prodding by marco@
|
| |
|
|
|
|
|
|
|
|
|
| |
"if you have checked this I am ok with it" does not mean
1) not to pay attention to breaking news after I tell you that and
2) not to get ok's from the others this had been shown to.
I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits
ok deraadt@ for the backout
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority
COMODO High-Assurance Secure Server CA
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
cross checked with mozilla
ok beck@
|
| |
|
|
| |
ok beck@ fgsch@
|
| | |
|
| | |
|
| |
|
|
|
| |
found by Guillaume Protet (guillaume dot protet at mortheres dot info)
while testing bzr update. deraadt@ ok
|
| |
|
|
| |
beck@ ok
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok jakob@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
'openssl x509 -hash'. ok beck@
|
| | |
|
| |
|
|
| |
'openssl x509 -hash'. ok beck@
|
|
|
location for libssl, this makes lynx not bitch when seeing sites
with certificates signed by these issuers. We should probably
think carefully about adding a few more in here too.
|
