/hg/release/icedtea6-1.11: 4 new changesets
omajid at icedtea.classpath.org
Tue Feb 19 13:21:42 PST 2013
changeset 1e70da0f6120 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=1e70da0f6120
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Fri Feb 15 04:54:48 2013 +0000
Add patches for next security update.
2013-02-15 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(SECURITY_PATCHES): Add latest security patches
and backport required for 8007688.
* NEWS: List security fixes & backport and
set release date.
* patches/openjdk/7123519-problems_with_certification_path.patch,
* patches/security/20130219/8006446.patch,
* patches/security/20130219/8006777.patch,
* patches/security/20130219/8007688.patch:
New patches for next security update.
changeset 333a669397e2 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=333a669397e2
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Fri Feb 15 04:55:31 2013 +0000
Set version to 1.11.8.
2013-02-15 Andrew John Hughes <gnu.andrew at redhat.com>
* configure.ac: Set version to 1.11.8.
changeset c529222b0628 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=c529222b0628
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Sun Feb 17 19:17:52 2013 +0000
Add LogManager regression fixes.
2013-02-17 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patches.
* NEWS: List new patches.
* patches/openjdk/8007393.patch,
* patches/openjdk/8007611.patch:
Regression fixes for LogManager.
changeset bc9651b26684 in /hg/release/icedtea6-1.11
details: http://icedtea.classpath.org/hg/release/icedtea6-1.11?cmd=changeset;node=bc9651b26684
author: Omair Majid <omajid at redhat.com>
date: Tue Feb 19 16:20:57 2013 -0500
Added tag icedtea6-1.11.8 for changeset c529222b0628
diffstat:
.hgtags | 1 +
ChangeLog | 26 +
Makefile.am | 10 +-
NEWS | 10 +-
configure.ac | 2 +-
patches/openjdk/7123519-problems_with_certification_path.patch | 1055 ++++++++++
patches/openjdk/8007393.patch | 78 +
patches/openjdk/8007611.patch | 24 +
patches/security/20130219/8006446.patch | 395 +++
patches/security/20130219/8006777.patch | 1019 +++++++++
patches/security/20130219/8007688.patch | 130 +
11 files changed, 2746 insertions(+), 4 deletions(-)
diffs (truncated from 2823 to 500 lines):
diff -r d6603cf5d5ad -r bc9651b26684 .hgtags
--- a/.hgtags Fri Feb 15 02:36:30 2013 +0000
+++ b/.hgtags Tue Feb 19 16:20:57 2013 -0500
@@ -30,3 +30,4 @@
f63ce43904998e7e9ac04558ada787bb73044ef6 icedtea6-1.11.5
5abf1a204fb2d79db87beb5735f4cff245e90ff6 icedtea6-1.11.6
ae00216847f46fa26899a5317b75ea07edd5cb19 icedtea6-1.11.7
+c529222b0628a112d53bfe3dafa7292df9d6e683 icedtea6-1.11.8
diff -r d6603cf5d5ad -r bc9651b26684 ChangeLog
--- a/ChangeLog Fri Feb 15 02:36:30 2013 +0000
+++ b/ChangeLog Tue Feb 19 16:20:57 2013 -0500
@@ -1,3 +1,29 @@
+2013-02-17 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patches.
+ * NEWS: List new patches.
+ * patches/openjdk/8007393.patch,
+ * patches/openjdk/8007611.patch:
+ Regression fixes for LogManager.
+
+2013-02-15 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * configure.ac: Set version to 1.11.8.
+
+2013-02-15 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (SECURITY_PATCHES): Add latest security patches
+ and backport required for 8007688.
+ * NEWS: List security fixes & backport and
+ set release date.
+ * patches/openjdk/7123519-problems_with_certification_path.patch,
+ * patches/security/20130219/8006446.patch,
+ * patches/security/20130219/8006777.patch,
+ * patches/security/20130219/8007688.patch:
+ New patches for next security update.
+
2013-02-14 Andrew John Hughes <gnu.andrew at redhat.com>
PR1319: Support GIF lib v5.
diff -r d6603cf5d5ad -r bc9651b26684 Makefile.am
--- a/Makefile.am Fri Feb 15 02:36:30 2013 +0000
+++ b/Makefile.am Tue Feb 19 16:20:57 2013 -0500
@@ -274,7 +274,11 @@
patches/security/20130201/8001307.patch \
patches/security/20130201/8001972.patch \
patches/security/20130201/8002325.patch \
- patches/security/20130201/8001235.patch
+ patches/security/20130201/8001235.patch \
+ patches/security/20130219/8006446.patch \
+ patches/security/20130219/8006777.patch \
+ patches/openjdk/7123519-problems_with_certification_path.patch \
+ patches/security/20130219/8007688.patch
SPECIAL_SECURITY_PATCH = patches/security/20120214/7112642.patch
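Review bot: In the SECURITY_PATCHES hunk (@@ -274), patches/openjdk/7123519-problems_with_certification_path.patch is listed among the 20130219 security patches with nothing in Makefile.am saying why a patches/openjdk backport belongs in this list. The ChangeLog says it is the backport required for 8007688, so its position ahead of 8007688.patch matters; a comment above the SECURITY_PATCHES assignment recording that dependency would stop a later cleanup from moving it into ICEDTEA_PATCHES.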
@@ -493,7 +497,9 @@
patches/openjdk/8005615-failure_to_load_logger_implementation.patch \
patches/openjdk/8004341-jck_dialog_failure.patch \
patches/openjdk/8004341-jck_dialog_failure-02.patch \
- patches/pr1319-support_giflib_5.patch
+ patches/pr1319-support_giflib_5.patch \
+ patches/openjdk/8007393.patch \
+ patches/openjdk/8007611.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r d6603cf5d5ad -r bc9651b26684 NEWS
--- a/NEWS Fri Feb 15 02:36:30 2013 +0000
+++ b/NEWS Tue Feb 19 16:20:57 2013 -0500
@@ -10,8 +10,16 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.11.8 (2013-02-XX):
+New in release 1.11.8 (2013-02-19):
+* Security fixes
+ - S8006446: Restrict MBeanServer access
+ - S8006777: Improve TLS handling of invalid messages
+ - S8007688: Blacklist known bad certificate
+* Backports
+ - S7123519: problems with certification path
+ - S8007393: Possible race condition after JDK-6664509
+ - S8007611: logging behavior in applet changed
* Bug fixes
- PR1319: Support GIF lib v5.
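Review bot: The three new entries under "Security fixes" in the NEWS hunk carry only their S-numbers and no CVE identifier, although the context line at the top of the hunk shows the CVE-XXXX-YYYY link form. If CVE ids exist for S8006446, S8006777 and S8007688, add them so packagers can map this release to advisories. S7123519 is also listed under Backports while Makefile.am applies it from SECURITY_PATCHES; a short remark that it is a prerequisite for S8007688 would make the two files agree.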
diff -r d6603cf5d5ad -r bc9651b26684 configure.ac
--- a/configure.ac Fri Feb 15 02:36:30 2013 +0000
+++ b/configure.ac Tue Feb 19 16:20:57 2013 -0500
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.11.8pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.11.8],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r d6603cf5d5ad -r bc9651b26684 patches/openjdk/7123519-problems_with_certification_path.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/7123519-problems_with_certification_path.patch Tue Feb 19 16:20:57 2013 -0500
@@ -0,0 +1,1055 @@
+# HG changeset patch
+# User robm
+# Date 1326225462 0
+# Node ID a224904d42db1f54139257221e9b545bd1c90b2e
+# Parent 6621fc84cbd66d4adc4cb5dbb11015719c281fc5
+7123519: problems with certification path
+Reviewed-by: xuelei, coffeys
+
+diff --git a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -640,7 +640,10 @@
+ + "\n Subject: " + cert.getSubjectX500Principal() + ")");
+ }
+
+- ForwardState currState = (ForwardState) currentState;
++ ForwardState currState = (ForwardState)currentState;
++
++ // Don't bother to verify untrusted certificate.
++ currState.untrustedChecker.check(cert, Collections.<String>emptySet());
+
+ /*
+ * check for looping - abort a loop if
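Review bot: In the ForwardBuilder.java hunk at @@ -640, the new call uses Collections.<String>emptySet() but the patch contains no import hunk for this file, so please confirm that java.util.Collections is already in scope in the icedtea6 copy of ForwardBuilder.java, otherwise the backport will not compile. The comment "Don't bother to verify untrusted certificate." also undersells the line below it: check() throws CertPathValidatorException and rejects the candidate, which is worth saying. The respacing of the (ForwardState) cast is unrelated to the fix.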
+diff --git a/src/share/classes/sun/security/provider/certpath/ForwardState.java b/src/share/classes/sun/security/provider/certpath/ForwardState.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/ForwardState.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -78,6 +78,9 @@
+
+ /* the checker used for revocation status */
+ public CrlRevocationChecker crlChecker;
++
++ /* the untrusted certificates checker */
++ UntrustedChecker untrustedChecker;
+
+ /* The list of user-defined checkers that support forward checking */
+ ArrayList<PKIXCertPathChecker> forwardCheckers;
+diff --git a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -292,8 +292,10 @@
+ pkixParam.isAnyPolicyInhibited(),
+ pkixParam.getPolicyQualifiersRejected(),
+ rootNode);
++ UntrustedChecker untrustedChecker = new UntrustedChecker();
+
+ // add standard checkers that we will be using
++ certPathCheckers.add(untrustedChecker);
+ certPathCheckers.add(algorithmChecker);
+ certPathCheckers.add(keyChecker);
+ certPathCheckers.add(constraintsChecker);
+diff --git a/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java b/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -345,6 +345,10 @@
+ if (currentState.isInitial()) {
+ return;
+ }
++
++ // Don't bother to verify untrusted certificate.
++ currentState.untrustedChecker.check(cert,
++ Collections.<String>emptySet());
+
+ /* check that the signature algorithm is not disabled. */
+ AlgorithmChecker.check(cert);
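Review bot: In the ReverseBuilder.java hunk at @@ -345, the untrustedChecker.check(...) call is placed after the early "if (currentState.isInitial()) return;", so a certificate handled while the state is initial is never tested against the untrusted set. If that is intended (for example because that certificate is trusted by configuration), say so in the comment; if not, move the check above the early return. As in ForwardBuilder.java, no import hunk is shown, so confirm java.util.Collections is already imported here.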
+diff --git a/src/share/classes/sun/security/provider/certpath/ReverseState.java b/src/share/classes/sun/security/provider/certpath/ReverseState.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/ReverseState.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -95,6 +95,9 @@
+
+ /* the checker used for revocation status */
+ public CrlRevocationChecker crlChecker;
++
++ /* the untrusted certificates checker */
++ UntrustedChecker untrustedChecker;
+
+ /* the trust anchor used to validate the path */
+ TrustAnchor trustAnchor;
+diff --git a/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java b/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -304,6 +304,7 @@
+ // init the crl checker
+ currentState.crlChecker =
+ new CrlRevocationChecker(null, buildParams, null, onlyEECert);
++ currentState.untrustedChecker = new UntrustedChecker();
+ try {
+ depthFirstSearchReverse(null, currentState,
+ new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList,
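Review bot: In the @@ -304 hunk (and again at @@ -350), untrustedChecker is assigned by the caller right after crlChecker rather than inside the state object, while ForwardBuilder and ReverseBuilder call untrustedChecker.check(...) on the state with no null guard. Any ForwardState or ReverseState created without passing through these two sites would fail with a NullPointerException during path building. Initialising the field where it is declared in ForwardState and ReverseState would remove that dependency on the call sites.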
+@@ -350,6 +351,7 @@
+ // init the crl checker
+ currentState.crlChecker
+ = new CrlRevocationChecker(null, buildParams, null, onlyEECert);
++ currentState.untrustedChecker = new UntrustedChecker();
+
+ depthFirstSearchForward(targetSubjectDN, currentState,
+ new ForwardBuilder
+@@ -625,8 +627,8 @@
+ vertex.setIndex(adjList.size() - 1);
+
+ /* recursively search for matching certs at next dN */
+- depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder,
+- adjList, certPathList);
++ depthFirstSearchForward(cert.getIssuerX500Principal(),
++ nextState, builder, adjList, certPathList);
+
+ /*
+ * If path has been completed, return ASAP!
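Review bot: The @@ -625 hunk only re-wraps the depthFirstSearchForward(...) call and changes no behaviour. Whitespace-only changes in a backport that a security fix depends on make later comparison against upstream noisier; if the aim is to stay identical to upstream changeset a224904d42db that is a fair reason to keep it, but the patch header should say so.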
+diff --git a/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java b/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java
+@@ -0,0 +1,88 @@
++/*
++ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++package sun.security.provider.certpath;
++
++import java.security.cert.Certificate;
++import java.security.cert.X509Certificate;
++import java.security.cert.CertPathValidatorException;
++import java.security.cert.PKIXCertPathChecker;
++import java.util.Set;
++import java.util.Collection;
++import sun.security.util.Debug;
++import sun.security.util.UntrustedCertificates;
++
++/**
++ * A <code>PKIXCertPathChecker</code> implementation to check whether a
++ * specified certificate is distrusted.
++ *
++ * @see PKIXCertPathChecker
++ * @see PKIXParameters
++ */
++final public class UntrustedChecker extends PKIXCertPathChecker {
++
++ private static final Debug debug = Debug.getInstance("certpath");
++
++ /**
++ * Default Constructor
++ */
++ public UntrustedChecker() {
++ // blank
++ }
++
++ @Override
++ public void init(boolean forward) throws CertPathValidatorException {
++ // Note that this class supports both forward and reverse modes.
++ }
++
++ @Override
++ public boolean isForwardCheckingSupported() {
++ // Note that this class supports both forward and reverse modes.
++ return true;
++ }
++
++ @Override
++ public Set<String> getSupportedExtensions() {
++ return null;
++ }
++
++ @Override
++ public void check(Certificate cert,
++ Collection<String> unresolvedCritExts)
++ throws CertPathValidatorException {
++
++ X509Certificate currCert = (X509Certificate)cert;
++
++ if (UntrustedCertificates.isUntrusted(currCert)) {
++ if (debug != null) {
++ debug.println("UntrustedChecker: untrusted certificate " +
++ currCert.getSubjectX500Principal());
++ }
++
++ throw new CertPathValidatorException(
++ "Untrusted certificate: " + currCert.getSubjectX500Principal());
++ }
++ }
++}
++
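Review bot: In UntrustedChecker.check(), the cast "X509Certificate currCert = (X509Certificate)cert;" is unguarded, so a non-X.509 Certificate passed to the checker surfaces as a ClassCastException rather than a CertPathValidatorException. An instanceof test before the cast, with an explicit decision to skip or reject other certificate types, would keep the failure inside the method's declared contract. Minor style point: the class is declared "final public class", whereas UntrustedCertificates in the same patch uses the usual "public final class" order.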
+diff --git a/src/share/classes/sun/security/util/UntrustedCertificates.java b/src/share/classes/sun/security/util/UntrustedCertificates.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/security/util/UntrustedCertificates.java
+@@ -0,0 +1,743 @@
++/*
++ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++package sun.security.util;
++
++import java.io.IOException;
++import java.io.ByteArrayInputStream;
++import java.security.cert.X509Certificate;
++import java.security.cert.CertificateFactory;
++import java.security.cert.CertificateException;
++import java.util.Set;
++import java.util.HashSet;
++
++/**
++ * A utility class to check if a certificate is untrusted. This is an internal
++ * mechanism that explicitly marks a certificate as untrusted, normally in the
++ * case that a certificate is known to be used for malicious reasons.
++ *
++ * <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined
++ * validation check, neither is it used as an alternative to CRL.
++ */
++public final class UntrustedCertificates {
++
++ private final static Set<X509Certificate> untrustedCerts =
++ new HashSet<X509Certificate>();
++
++ /**
++ * Checks if a certificate is untrusted.
++ *
++ * @param cert the certificate to check
++ * @return true if the certificate is untrusted.
++ */
++ public static boolean isUntrusted(X509Certificate cert) {
++ return untrustedCerts.contains(cert);
++ }
++
++ private static void add(String alias, String pemCert) {
++ // generate certificate from PEM certificate
++ try {
++ ByteArrayInputStream is =
++ new ByteArrayInputStream(pemCert.getBytes());
++ CertificateFactory cf = CertificateFactory.getInstance("X.509");
++ X509Certificate cert = (X509Certificate)cf.generateCertificate(is);
++
++ if (!untrustedCerts.add(cert)) {
++ throw new RuntimeException("Duplicate untrusted certificate: " +
++ cert.getSubjectX500Principal());
++ }
++ } catch (CertificateException e) {
++ throw new RuntimeException(
++ "Incorrect untrusted certificate: " + alias, e);
++ }
++ }
++
++ static {
++ // -----------------------------------------------------------------
++ // Compromised CAs of Digicert Malaysia
++ //
++ // Reported by Digicert in its announcement on November 05, 2011.
++ //
++
++ // Digicert Malaysia intermediate, cross-signed by CyberTrust
++ //
++ // Subject: CN=Digisign Server ID (Enrich),
++ // OU=457608-K,
++ // O=Digicert Sdn. Bhd.,
++ // C=MY
++ // Issuer: CN=GTE CyberTrust Global Root,
++ // OU=GTE CyberTrust Solutions, Inc.,
++ // O=GTE Corporation,
++ // C=US
++ // Serial: 120001705 (07:27:14:a9)
++ add("digicert-server-cross-to-cybertrust-4C0E636A",
++ "-----BEGIN CERTIFICATE-----\n" +
++ "MIIDyzCCAzSgAwIBAgIEBycUqTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
++ "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
++ "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
++ "b2JhbCBSb290MB4XDTA3MDcxNzE1MTc0OFoXDTEyMDcxNzE1MTY1NFowYzELMAkG\n" +
++ "A1UEBhMCTVkxGzAZBgNVBAoTEkRpZ2ljZXJ0IFNkbi4gQmhkLjERMA8GA1UECxMI\n" +
++ "NDU3NjA4LUsxJDAiBgNVBAMTG0RpZ2lzaWduIFNlcnZlciBJRCAoRW5yaWNoKTCB\n" +
++ "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArahkS02Hx4RZufuQRqCmicDx/tXa\n" +
++ "VII3DZkrRSYK6Fawf8qo9I5HhAGCKeOzarWR8/uVhbxyqGToCkCcxfRxrnt7agfq\n" +
++ "kBRPjYmvlKuyBtQCanuYH1m5Os1U+iDfsioK6bjdaZDAKdNO0JftZszFGUkGf/pe\n" +
++ "LHx7hRsyQt97lSUCAwEAAaOCAXgwggF0MBIGA1UdEwEB/wQIMAYBAf8CAQAwXAYD\n" +
++ "VR0gBFUwUzBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDovL2N5YmVy\n" +
++ "dHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2ZtMAcGBWCDSgEBMA4GA1Ud\n" +
++ "DwEB/wQEAwIB5jCBiQYDVR0jBIGBMH+heaR3MHUxCzAJBgNVBAYTAlVTMRgwFgYD\n" +
++ "VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv\n" +
++ "bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv\n" +
++ "b3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGljLXRydXN0\n" +
++ "LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYDVR0OBBYEFMYWk04WF+wW\n" +
++ "royUdvOGbcV0boR3MA0GCSqGSIb3DQEBBQUAA4GBAHYAe6Z4K2Ydjl42xqSOBfIj\n" +
++ "knyTZ9P0wAp9iy3Z6tVvGvPhSilaIoRNUC9LDPL/hcJ7VdREgr5trGeOvLQfkpxR\n" +
++ "gBoU9m6rYYgLrRx/90tQUdZlG6ZHcRVesHHzNRTyN71jyNXwk1o0X9g96F33xR7A\n" +
++ "5c8fhiSpPAdmzcHSNmNZ\n" +
++ "-----END CERTIFICATE-----");
++
++ // Digicert Malaysia intermediate, cross-signed by Entrust
++ //
++ // Subject: CN=Digisign Server ID - (Enrich),
++ // OU=457608-K,
++ // O=Digicert Sdn. Bhd.,
++ // C=MY
++ // Issuer: CN=Entrust.net Certification Authority (2048)
++ // OU=(c) 1999 Entrust.net Limited,
++ // OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
++ // O=Entrust.net
++ // Serial: 1184644297 (4c:0e:63:6a)
++ add("digicert-server-cross-to-entrust-ca-4C0E636A",
++ "-----BEGIN CERTIFICATE-----\n" +
++ "MIIEzjCCA7agAwIBAgIETA5jajANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML\n" +
++ "RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp\n" +
++ "bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5\n" +
++ "IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp\n" +
++ "ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0xMDA3MTYxNzIzMzdaFw0xNTA3\n" +
++ "MTYxNzUzMzdaMGUxCzAJBgNVBAYTAk1ZMRswGQYDVQQKExJEaWdpY2VydCBTZG4u\n" +
++ "IEJoZC4xETAPBgNVBAsTCDQ1NzYwOC1LMSYwJAYDVQQDEx1EaWdpc2lnbiBTZXJ2\n" +
++ "ZXIgSUQgLSAoRW5yaWNoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
++ "AMWJ5PQNBkCSWccaszXRDkwqM/n4r8qef+65p21g9FTob9Wb8xtjMQRoctE0Foy0\n" +
++ "FyyX3nPF2JAVoBor9cuzSIZE8B2ITM5BQhrv9Qze/kDaOSD3BlU6ap1GwdJvpbLI\n" +
++ "Vz4po5zg6YV3ZuiYpyR+vsBZIOVEb7ZX2L7OwmV3WMZhQdF0BMh/SULFcqlyFu6M\n" +
++ "3RJdtErU0a9Qt9iqdXZorT5dqjBtYairEFs+E78z4K9EnTgiW+9ML6ZxJhUmyiiM\n" +
++ "2fqOjqmiFDXimySItPR/hZ2DTwehthSQNsQ0HI0mYW0Tb3i+6I8nx0uElqOGaAwj\n" +
++ "vgvsjJQAqQSKE5D334VsDLECAwEAAaOCATQwggEwMA4GA1UdDwEB/wQEAwIBBjAS\n" +
++ "BgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcD\n" +
++ "AgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8v\n" +
++ "b2NzcC5lbnRydXN0Lm5ldDBEBgNVHSAEPTA7MDkGBWCDSgEBMDAwLgYIKwYBBQUH\n" +
++ "AgEWImh0dHA6Ly93d3cuZGlnaWNlcnQuY29tLm15L2Nwcy5odG0wMgYDVR0fBCsw\n" +
++ "KTAnoCWgI4YhaHR0cDovL2NybC5lbnRydXN0Lm5ldC8yMDQ4Y2EuY3JsMBEGA1Ud\n" +
++ "DgQKBAhMTswlKAMpgTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDAN\n" +
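Review bot: isUntrusted() is "untrustedCerts.contains(cert)" on a HashSet<X509Certificate>, so a match depends on certificate equality with one of the embedded PEM entries; the class Javadoc should state that only these exact certificates are blocked, not other certificates issued for the same subject. In add(), pemCert.getBytes() uses the platform default charset; the PEM text is ASCII, so pass an explicit charset instead. The java.io.IOException import is not used in the part of the file shown before the diff is truncated.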