Jan Palus [Thu, 1 Apr 2021 22:45:07 +0000 (00:45 +0200)]
fix self conflict on /etc/ssl/certs/ca-certificates.crt; rel 4
"file /etc/ssl/certs/ca-certificates.crt conflicts between attempted installs of ca-certificates-20210119-3.noarch and ca-certificates-20210119-3.noarch"
On systems which got an update to ca-certificates-20180409-3, upgrade
may fail under rpm4 with the above error, the reason being incomplete
migration from /etc/ssl/certs being a symlink (20180409-3 f1df9d4) to
becoming a directory (20180409-4 0923a3c). Drop symlink in %pretrans.
Jan Palus [Sat, 30 Jan 2021 11:24:52 +0000 (12:24 +0100)]
don't mark ca-certificates.crt as %config(noreplace)
...or it may never get updated after a single installation of
ca-certificates-update. Let's assume anyone with custom certificates has
ca-certificates-update, which will update ca-certificates.crt after
upgrade.
Jan Palus [Sat, 30 Jan 2021 11:18:06 +0000 (12:18 +0100)]
drop expired certificates
class1.pem: Not After : Apr 26 10:32:12 2005 GMT
class2.pem: Not After : Jun 4 09:05:44 2005 GMT
class3.pem: Not After : Jun 4 09:13:06 2005 GMT
class4.pem: Not After : Jun 4 09:19:41 2006 GMT
level1.pem: Not After : Jul 12 16:31:53 2012 GMT
level2.pem: Not After : Jul 12 16:32:03 2012 GMT
level3.pem: Not After : Jul 12 16:32:17 2012 GMT
level4.pem: Not After : Jul 12 16:32:35 2012 GMT
na.pem: Not After : Aug 28 17:16:25 2012 GMT
tsa.pem: Not After : Aug 28 17:05:14 2012 GMT
vs.pem: Not After : Aug 28 17:10:36 2012 GMT
TERENACodeSigningCA.crt: Not After : May 30 10:48:38 2020 GMT
TERENAeScienceSSLCA.crt: Not After : May 30 10:48:38 2020 GMT
TERENASSLCA.crt: Not After : May 30 10:48:38 2020 GMT
ESTEID-SK_2007.PEM.cer: Not After : Aug 26 14:23:01 2016 GMT
ESTEID-SK.PEM.cer: Not After : Jan 13 16:44:50 2012 GMT
JUUR-SK.PEM.cer: Not After : Aug 26 14:23:01 2016 GMT
Jacek Konieczny [Sun, 13 Jan 2019 12:32:34 +0000 (13:32 +0100)]
symlink just /etc/ssl/certs/ca-certificates.crt
Restrictive permissions to PLD /etc/certs break gajim when symlinked to
/etc/ssl/certs:
> 2019-01-13 13:27:08 (E) nbxmpp.tls_nb PlugIn: while trying _startSSL():
> Traceback (most recent call last):
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 288, in plugin
>     res = self._startSSL()
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 327, in _startSSL
>     result = self._startSSL_pyOpenSSL()
>   File "/usr/share/python3.7/site-packages/nbxmpp/tls_nb.py", line 451, in _startSSL_pyOpenSSL
>     for f in os.listdir('/etc/ssl/certs'):
> PermissionError: [Errno 13] Permission denied: '/etc/ssl/certs'
Elan Ruusamäe [Wed, 11 Feb 2015 11:22:02 +0000 (13:22 +0200)]
.
add /etc/pki/tls/certs/ca-bundle.crt symlink to %{certsdir}/ca-certificates.crt
this lessens need to patch software locations to ca-bundle.crt, as
really, only pld uses the path we use.
maybe this should be opposite way file vs symlink?
Elan Ruusamäe [Fri, 13 Sep 2013 13:16:59 +0000 (16:16 +0300)]
up to 20130906: Update mozilla/certdata.txt to version 1.94
Certificates added (+) and removed (-):
+ "CA Disig Root R1"
+ "CA Disig Root R2"
+ "China Internet Network Information Center EV Certificates Root"
+ "D-TRUST Root Class 3 CA 2 2009"
+ "D-TRUST Root Class 3 CA 2 EV 2009"
+ "PSCProcert"
+ "Swisscom Root CA 2"
+ "Swisscom Root EV CA 2"
+ "TURKTRUST Certificate Services Provider Root 2007"
- "Equifax Secure eBusiness CA 2"
- "TC TrustCenter Universal CA III"
CAcert root and class3 certificates are now installed as individual
files, no longer as the concatenation of the two. The certificates
are installed as cacert.org_root.crt and cacert.org_class3.crt for
ease of identification.
Remove obsolete debconf.org CA.
Remove obsolete SPI CA certificate expired in 2007.
Elan Ruusamäe [Wed, 27 Jun 2012 08:50:42 +0000 (08:50 +0000)]
- update to 20120623
- mozilla certs changed license to MPL-2.0
- mozilla/certdata.txt updated to version 1.81:
Certificates added (+) and removed (-):
+ "Security Communication RootCA2"
+ "EC-ACC"
+ "Hellenic Academic and Research Institutions RootCA 2011"
- "Verisign Class 2 Public Primary Certification Authority"
- "Verisign Class 4 Public Primary Certification Authority - G2"
- "TC TrustCenter, Germany, Class 2 CA"
- "TC TrustCenter, Germany, Class 3 CA"
Elan Ruusamäe [Sat, 12 May 2012 13:15:57 +0000 (13:15 +0000)]
- add /etc/ca-certificates.d to support local certs, so there won't be need to edit package version of /etc/ca-certificates.conf, and thus no .rpmnew merge need
Jan Rękorajski [Tue, 23 Mar 2010 12:16:53 +0000 (12:16 +0000)]
- rel 6
- added TERENA CA, https://www.terena.org/
- updated mozilla bundle from nss-3.12.5
- avoid making duplicate .pem ext in update-ca-certificates script