Skip to content

Commit 691f58e

Browse files
bnoordhuistargos
bnoordhuis
authored and
targos
committed
tls: remove trustcor root ca certificates
Follow what Ubuntu did and simply remove the CA certificates altogether. Fixes: #45762 Refs: https://ubuntu.com/security/notices/USN-5761-2 PR-URL: #45776 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
1 parent 382efdf commit 691f58e

File tree

2 files changed

+2
-82
lines changed

2 files changed

+2
-82
lines changed

src/node_root_certs.h

Lines changed: 0 additions & 82 deletions
Original file line numberDiff line numberDiff line change
@@ -2154,88 +2154,6 @@
21542154
"boPoDKi3QWwH3b08hpcv0g==\n"
21552155
"-----END CERTIFICATE-----",
21562156

2157-
/* TrustCor RootCert CA-1 */
2158-
"-----BEGIN CERTIFICATE-----\n"
2159-
"MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQ\n"
2160-
"QTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1\n"
2161-
"c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0\n"
2162-
"ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0\n"
2163-
"MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFt\n"
2164-
"YTEUMBIGA1UEBwwLUGFuYW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4g\n"
2165-
"ZGUgUi5MLjEnMCUGA1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYD\n"
2166-
"VQQDDBZUcnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
2167-
"CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5O\n"
2168-
"Gy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nP\n"
2169-
"Uu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme9J7+wH5COucLlVPat2gOkEz7\n"
2170-
"cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYf\n"
2171-
"YW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2Mw\n"
2172-
"YTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOx\n"
2173-
"CbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN\n"
2174-
"AQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I\n"
2175-
"/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yfke+Ri7fc\n"
2176-
"7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6CqFqT\n"
2177-
"vsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P\n"
2178-
"3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=\n"
2179-
"-----END CERTIFICATE-----",
2180-
2181-
/* TrustCor RootCert CA-2 */
2182-
"-----BEGIN CERTIFICATE-----\n"
2183-
"MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBB\n"
2184-
"MQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVz\n"
2185-
"dENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRl\n"
2186-
"IEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQx\n"
2187-
"MjMyMjNaFw0zNDEyMzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1h\n"
2188-
"MRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBk\n"
2189-
"ZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNV\n"
2190-
"BAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\n"
2191-
"AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2N\n"
2192-
"yuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfD\n"
2193-
"QiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp\n"
2194-
"8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOObXUm4TOJXsZiKQlecdu/vvdFoqNL0\n"
2195-
"Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3\n"
2196-
"GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz2\n"
2197-
"7Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjx\n"
2198-
"klb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3\n"
2199-
"mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh8N0JqSDI\n"
2200-
"vgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU2f4h\n"
2201-
"QG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD\n"
2202-
"VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7\n"
2203-
"tu/hOsh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYnd\n"
2204-
"Afrs3fnpkpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40\n"
2205-
"/W5ulop5A7Zv2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARpp\n"
2206-
"v9JYx1RXCI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa\n"
2207-
"ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2U\n"
2208-
"mw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk\n"
2209-
"2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFij\n"
2210-
"MDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimT\n"
2211-
"HpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUou\n"
2212-
"wpaYT05KnJe32x+SMsj/D1Fu1uwJ\n"
2213-
"-----END CERTIFICATE-----",
2214-
2215-
/* TrustCor ECA-1 */
2216-
"-----BEGIN CERTIFICATE-----\n"
2217-
"MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQ\n"
2218-
"QTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1\n"
2219-
"c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0\n"
2220-
"ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oX\n"
2221-
"DTI5MTIzMTE3MjgwN1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNV\n"
2222-
"BAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4x\n"
2223-
"JzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1\n"
2224-
"c3RDb3IgRUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb\n"
2225-
"3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHi\n"
2226-
"p1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/N\n"
2227-
"yFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4OuowReUoCLHhIlERnXDH19MURB\n"
2228-
"6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7\n"
2229-
"zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1\n"
2230-
"zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNV\n"
2231-
"HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVw\n"
2232-
"m8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2\n"
2233-
"AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11FhcCF5yWP\n"
2234-
"ldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0XsJ5F9\n"
2235-
"5yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC\n"
2236-
"jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==\n"
2237-
"-----END CERTIFICATE-----",
2238-
22392157
/* SSL.com Root Certification Authority RSA */
22402158
"-----BEGIN CERTIFICATE-----\n"
22412159
"MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx\n"

tools/mk-ca-bundle.pl

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -260,6 +260,8 @@ (%)
260260

261261
if ( !should_output_cert(%trust_purposes_by_level) ) {
262262
$skipnum ++;
263+
} elsif ($caname =~ /TrustCor/) {
264+
$skipnum ++;
263265
} else {
264266
my $encoded = MIME::Base64::encode_base64($data, '');
265267
$encoded =~ s/(.{1,${opt_w}})/"$1\\n"\n/g;

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy