History log of /openbsd-current/lib/libcrypto/cert.pem
# 1.28 27-Nov-2023 tb

Regen cert.pem

ok sthen

New Roots for existing CA:
/CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
/CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE

New CA:
BEIJING CERTIFICATE AUTHORITY
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2

Two E-Tugra roots were removed due to a breach:
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

Removed expired root:
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1

Removed expired CA:
SECOM Trust.net
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1

New CA:
Sectigo Limited
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46

New roots for existing CA:
/C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022
/C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022


# 1.27 27-Nov-2023 tb

Remove some trailing whitespace

x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
by removing trailing whitespace from non-critical certificate extensions.
Committing the difference now to reduce noise in an upcoming diff.

There's some trailing whitespace remaining. That's because we try to print
a BMPString in a User Notice's Explicit Text with "%*s". That doesn't work
so well with an encoding full of NULs...


Revision tags: OPENBSD_7_4_BASE
# 1.26 06-May-2023 tb

Regen cert.pem

This drops a few certs per the CA's request and TrustCor because of drama.
Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and
E-Tugra. Unizeto still haven't fixed one of their certs and we still don't
want the alternative Firmaprofesional with sha1WithRSAEncryption.

ok sthen


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.25 11-Jul-2022 sthen

Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@

remove (expired):
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

remove:
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA

add new root (existing CAs):
/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1
/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020
/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021
/C=US/O=Internet Security Research Group/CN=ISRG Root X2
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2

add (new CAs):
/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA
/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA
/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2

replace with another cert with same CN (SHA1 vs SHA256):
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068


Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.24 30-Sep-2021 deraadt

delete expired DST Root CA X3 to work around bugs in various libraries
ok sthen, beck, jsing, tb, etc etc


# 1.23 11-Jun-2021 sthen

sync cert.pem with Mozilla's CA list generated from certdata.txt
(certificates with the "server auth" trust purpose permitted).
ok tb@

-AC Camerfirma S.A.
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-

FNMT-RCM
/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+ /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS

-GeoTrust Inc.
- /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
- /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-

GlobalSign nv-sa
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

Staat der Nederlanden
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
- /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3

Unizeto Technologies S.A.
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+ /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
- /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority

(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes).


Revision tags: OPENBSD_6_9_BASE
# 1.22 12-Feb-2021 sthen

branches: 1.22.2;
Sync cert.pem with Mozilla NSS root CAs, except "GeoTrust Global CA", ok tb@

Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).

So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out; affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)

Additions:

/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority

Removals:

/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA


Revision tags: OPENBSD_6_8_BASE
# 1.21 01-Jun-2020 sthen

branches: 1.21.4;
Remove expired certificate, ok tb@
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root


Revision tags: OPENBSD_6_7_BASE
# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just results in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@
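
To make the encoding rule behind this commit concrete, the following is an added example (not OpenBSD's format-pem.pl and not LibreSSL's own checker) that walks a DER certificate to its Validity field and reports notBefore/notAfter encodings that violate RFC 5280 section 4.1.2.5. The sample certificates are constructed in-block as unsigned structural stand-ins, not real CA roots.

```python
import base64
import re

# RFC 5280 section 4.1.2.5 (same rule in RFC 2459): validity dates through 2049
# MUST be UTCTime "YYMMDDHHMMSSZ"; dates in 2050 or later MUST be GeneralizedTime
# "YYYYMMDDHHMMSSZ". Seconds are mandatory, fractional seconds forbidden, GMT only.
TAG_UTCTIME = 0x17
TAG_GENERALIZEDTIME = 0x18
TAG_SEQUENCE = 0x30
TAG_VERSION = 0xA0  # [0] EXPLICIT Version, optional first field of TBSCertificate


def read_tlv(buf, pos):
    """Read one DER element at buf[pos]; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    content = buf[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated DER element")
    return tag, content, pos + length


def children(content):
    # Split a constructed element's content into (tag, content) pairs.
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out


def check_time(field, tag, value):
    """Return the RFC 5280 4.1.2.5 violations for one Time element ([] if compliant)."""
    text = value.decode("ascii", errors="replace")
    if tag == TAG_UTCTIME:
        # UTCTime years always map into 1950..2049, so only the shape needs checking.
        return [] if re.fullmatch(r"[0-9]{12}Z", text) else [
            f"{field}: UTCTime {text!r} is not YYMMDDHHMMSSZ"]
    if tag == TAG_GENERALIZEDTIME:
        if not re.fullmatch(r"[0-9]{14}Z", text):
            return [f"{field}: GeneralizedTime {text!r} is not YYYYMMDDHHMMSSZ"]
        if int(text[:4]) < 2050:
            return [f"{field}: year {text[:4]} must be UTCTime, not GeneralizedTime"]
        return []
    return [f"{field}: tag 0x{tag:02x} is not a Time"]


def validity_of(der):
    """Walk Certificate -> TBSCertificate and return its [notBefore, notAfter] elements."""
    tag, cert, _ = read_tlv(der, 0)
    tbs_tag, tbs, _ = read_tlv(cert, 0)
    if tag != TAG_SEQUENCE or tbs_tag != TAG_SEQUENCE:
        raise ValueError("not a DER Certificate")
    fields = children(tbs)
    if fields and fields[0][0] == TAG_VERSION:
        fields = fields[1:]  # drop the optional version (v1 certificates omit it)
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    validity_tag, validity = fields[3]
    times = children(validity)
    if validity_tag != TAG_SEQUENCE or len(times) != 2:
        raise ValueError("malformed Validity")
    return times


def check_der(der):
    (nb_tag, nb), (na_tag, na) = validity_of(der)
    return check_time("notBefore", nb_tag, nb) + check_time("notAfter", na_tag, na)


def check_pem(pem_text):
    """Check the first CERTIFICATE block of a PEM string (one entry of cert.pem)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return check_der(base64.b64decode("".join(m.group(1).split())))


# --- constructed sample input: structurally valid, unsigned, not real CAs ----
def tlv(tag, payload):
    # Encode one DER element, using a long-form length when needed.
    if len(payload) < 0x80:
        return bytes([tag, len(payload)]) + payload
    lb = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def fake_cert(not_before, not_after):
    """Build a minimal Certificate whose Validity uses the given (tag, text) pairs."""
    empty = tlv(TAG_SEQUENCE, b"")  # stands in for Name, AlgorithmIdentifier, SPKI
    validity = tlv(TAG_SEQUENCE, tlv(*not_before) + tlv(*not_after))
    tbs = (tlv(TAG_VERSION, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
           + empty + empty + validity + empty + empty)
    return tlv(TAG_SEQUENCE, tlv(TAG_SEQUENCE, tbs) + empty + tlv(0x03, b"\x00"))


GOOD = fake_cert((TAG_UTCTIME, b"230101000000Z"), (TAG_UTCTIME, b"330101000000Z"))
NO_SECONDS = fake_cert((TAG_UTCTIME, b"2301010000Z"), (TAG_UTCTIME, b"330101000000Z"))
EARLY_GENTIME = fake_cert((TAG_GENERALIZEDTIME, b"20230101000000Z"),
                          (TAG_GENERALIZEDTIME, b"20500101000000Z"))
GOOD_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(GOOD).decode()
            + "\n-----END CERTIFICATE-----\n")
```

Running check_pem over each block of a real cert.pem flags exactly the certificates LibreSSL would reject with the notBefore/notAfter format error.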


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


# 1.26 06-May-2023 tb

Regen cert.pem

This drops a few certs per the CA's request and TrustCor because of drama.
Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and
E-Tugra. Unizeto still haven't fixed one of their certs and we still don't
want the alternative Firmaprofesional with sha1WithRSAEncryption.

ok sthen


Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
# 1.25 11-Jul-2022 sthen

Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@

remove (expired):
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

remove:
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA

add new root (existing CAs):
/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1
/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020
/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021
/C=US/O=Internet Security Research Group/CN=ISRG Root X2
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2

add (new CAs):
/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA
/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA
/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2

replace with another cert with same CN (SHA1 vs SHA256):
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068


Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.24 30-Sep-2021 deraadt

delete expired DST Root CA X3 to work around bugs various libraries
ok sthen, beck, jsing, tb, etc etc


# 1.23 11-Jun-2021 sthen

sync cert.pem with Mozilla's CA list generated from certdata.txt
(certificates with the "server auth" trust purpose permitted).
ok tb@

-AC Camerfirma S.A.
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-

FNMT-RCM
/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+ /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS

-GeoTrust Inc.
- /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
- /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-

GlobalSign nv-sa
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

Staat der Nederlanden
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
- /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3

Unizeto Technologies S.A.
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+ /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
- /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority

(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes).


Revision tags: OPENBSD_6_9_BASE
# 1.22 12-Feb-2021 sthen

branches: 1.22.2;
Sync cert.pem with Mozilla NSS root CAs, except "GeoTrust Global CA", ok tb@

Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).

So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out, affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)

Additions:

/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority

Removals:

/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA


Revision tags: OPENBSD_6_8_BASE
# 1.21 01-Jun-2020 sthen

branches: 1.21.4;
Remove expired certificate, ok tb@
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root


Revision tags: OPENBSD_6_7_BASE
# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


# 1.25 11-Jul-2022 sthen

Sync cert.pem with certdata.txt from the NSS release branch. OK tb@ bcook@

remove (expired):
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

remove:
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA

add new root (existing CAs):
/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1
/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020
/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021
/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021
/C=US/O=Internet Security Research Group/CN=ISRG Root X2
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2

add (new CAs):
/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA
/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA
/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA
/C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA
/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA
/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2

replace with another cert with same CN (SHA1 vs SHA256):
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068


Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.24 30-Sep-2021 deraadt

delete expired DST Root CA X3 to work around bugs in various libraries
ok sthen, beck, jsing, tb, etc etc


# 1.23 11-Jun-2021 sthen

sync cert.pem with Mozilla's CA list generated from certdata.txt
(certificates with the "server auth" trust purpose permitted).
ok tb@

-AC Camerfirma S.A.
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
- /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-

FNMT-RCM
/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+ /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS

-GeoTrust Inc.
- /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
- /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-

GlobalSign nv-sa
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+ /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

Staat der Nederlanden
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
- /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3

Unizeto Technologies S.A.
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+ /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
- /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority

(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes).


Revision tags: OPENBSD_6_9_BASE
# 1.22 12-Feb-2021 sthen

branches: 1.22.2;
Sync cert.pem with Mozilla NSS root CAs, except "GeoTrust Global CA", ok tb@

Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).

So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out, affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)

Additions:

/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority

Removals:

/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA


Revision tags: OPENBSD_6_8_BASE
# 1.21 01-Jun-2020 sthen

branches: 1.21.4;
Remove expired certificate, ok tb@
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root


Revision tags: OPENBSD_6_7_BASE
# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just results in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan; they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CAs not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc); however, these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.



Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@

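The 1.10 entry above invites readers to verify the commit rather than eyeball it, and 1.9 puts SHA1 and SHA256 fingerprints above every certificate. Those two together allow a cheap independent check: recompute each fingerprint from the PEM body and compare it with the comment. The following is an added example, not OpenBSD's format-pem.pl; it assumes the layout the log describes (a "#" organisation line, an "=" subject line, "SHA1 Fingerprint=" and "SHA256 Fingerprint=" lines as 'openssl x509 -fingerprint' prints them, then the PEM block; the exact header wording in cert.pem is an assumption here, so adjust FP_RE if yours differs). The sample bundle it runs on is constructed, with a placeholder DER blob standing in for a certificate.

```python
"""Cross-check the fingerprint comment lines in a cert.pem-style bundle against
the certificate bodies beneath them.

Added example; it is not OpenBSD's format-pem.pl. It assumes the bundle layout
the log describes: a "#" organisation line and an "=" subject line, then
"SHA1 Fingerprint=..." and "SHA256 Fingerprint=..." lines, then the PEM block.
The exact header wording in cert.pem is an assumption; adjust FP_RE if needed.
"""
import base64
import hashlib
import re

FP_RE = re.compile(r"^SHA(1|256) Fingerprint=([0-9A-Fa-f:]+)\s*$", re.IGNORECASE)


def fingerprint(der, algo):
    """Colon-separated upper-case hex digest of the DER, openssl style."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_bundle(text):
    """Return (subject, algo, claimed, actual) for every fingerprint line whose
    value does not match the certificate that follows it; [] if all agree."""
    mismatches, subject, claims, body, in_pem = [], None, {}, [], False
    for line in text.splitlines():
        if in_pem:
            if line.startswith("-----END CERTIFICATE-----"):
                der = base64.b64decode("".join(body))
                for algo, claimed in claims.items():
                    actual = fingerprint(der, algo)
                    if actual != claimed.upper():
                        mismatches.append((subject, algo, claimed.upper(), actual))
                claims, body, in_pem = {}, [], False
            else:
                body.append(line.strip())
        elif line.startswith("="):
            subject = line.lstrip("= ")
        elif line.startswith("-----BEGIN CERTIFICATE-----"):
            in_pem = True
        else:
            m = FP_RE.match(line)
            if m:
                claims["sha" + m.group(1)] = m.group(2)
    return mismatches


def make_entry(org, subject, der):
    """Build one bundle entry in the assumed layout, with correct fingerprints."""
    b64 = base64.b64encode(der).decode("ascii")
    pem = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "\n".join([
        f"# {org}", f"=== {subject}",
        f"SHA1 Fingerprint={fingerprint(der, 'sha1')}",
        f"SHA256 Fingerprint={fingerprint(der, 'sha256')}",
        "-----BEGIN CERTIFICATE-----", pem, "-----END CERTIFICATE-----", "",
    ])


# Constructed sample: the "certificate" is a placeholder DER blob (SEQUENCE{INTEGER 1}),
# since the hashes do not care whether the body is a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_BUNDLE = make_entry("Example Org", "/C=XX/O=Example Org/CN=Example Root", SAMPLE_DER)

if __name__ == "__main__":
    print("clean bundle:", audit_bundle(SAMPLE_BUNDLE) or "all fingerprints match")
    tampered = SAMPLE_BUNDLE.replace("SHA256 Fingerprint=", "SHA256 Fingerprint=00:", 1)
    for subject, algo, claimed, actual in audit_bundle(tampered):
        print(f"MISMATCH {subject} {algo}: comment says {claimed}, body hashes to {actual}")
```

Running audit_bundle() over the real file (open("/etc/ssl/cert.pem").read()) should return an empty list; any tuple it returns names a certificate whose body no longer matches the fingerprint the commit advertised for it.
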

# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


# 1.22 12-Feb-2021 sthen

Sync cert.pem with Mozilla NSS root CAs, except "GeoTrust Global CA", ok tb@

Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).

So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out, affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)

Additions:

/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority

Removals:

/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA


Revision tags: OPENBSD_6_8_BASE
# 1.21 01-Jun-2020 sthen

Remove expired certificate, ok tb@
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root


Revision tags: OPENBSD_6_7_BASE
# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


# 1.21 01-Jun-2020 sthen

Remove expired certificate, ok tb@
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root


Revision tags: OPENBSD_6_7_BASE
# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


# 1.20 10-Apr-2020 sthen

sync cert.pem with Mozilla's root ca list, ok beck@


Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@


Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE
# 1.1 11-Apr-2014 miod

Move build machinery for libcrypto from libssl/crypto to libcrypto, as well
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.

ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.


Revision tags: OPENBSD_6_5_BASE
# 1.19 04-Apr-2019 sthen

update root CAs in cert.pem in sync with Mozilla
ok millert@


# 1.18 16-Dec-2018 sthen

Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).

LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:

error 13 at 1 depth lookup:format error in certificate's notBefore field

"probably" beck@


Revision tags: OPENBSD_6_4_BASE
# 1.17 12-Sep-2018 sthen

sync with mozilla-release (one removal, TURKTRUST, more details at
https://bugzilla.mozilla.org/show_bug.cgi?id=1439127)

ok danj guenther millert


Revision tags: OPENBSD_6_3_BASE
# 1.16 21-Mar-2018 sthen

Full sync of CA list with Mozilla's.

Produced using curl's make-ca-bundle.pl and then reformatted with our
format-pem.pl from:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

OK benno@. juanfra agrees with syncing with Mozilla. No objections received.


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.15 24-Feb-2017 sthen

Add the following root CAs, from SECOM Trust Systems / Security Communication
of Japan, they are present in Mozilla's CA store. OK ajacoutot@

/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1


# 1.14 01-Jan-2017 sthen

Various work on cert.pem, ok bcook@

- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald

- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)

- add new CA certificates from Mozilla's store from those organisations
which we already list


# 1.13 04-Sep-2016 sthen

Add ISRG Root X1, the letsencrypt CA root. This is now included in its own
right in Mozilla's CA list, rather than relying on IdenTrust cross-signing.
ok beck@ jca@


Revision tags: OPENBSD_6_0_BASE
# 1.12 25-May-2016 jsg

use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
and non-utf8 bytes escaped.

ok sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.11 17-Feb-2016 sthen

Sync some root certificates with Mozilla's cert store. ok bcook@

- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).

- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).

- Add two root certificates from CAs not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)

We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).


# 1.10 01-Feb-2016 sthen

Sort cert.pem alphabetically, first by organisation, then by CA name
(CN if available, otherwise OU).

Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".

Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.


# 1.9 31-Jan-2016 sthen

Revamp cert.pem certificate information formatting. Skip headers which
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.

ok beck@ zhuk@ jung@


# 1.8 15-Dec-2015 sthen

Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@

Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).

Also see

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html


# 1.7 07-Dec-2015 sthen

Add root certificate for COMODO RSA Certification Authority, ok beck@

In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates, which most aren't doing (there's
no need, because this newer one is in browser stores).


# 1.6 16-Nov-2015 sthen

add QuoVadis root certificates, present in Mozilla/Chrome/Apple/Windows/etc
req by and OK dlg, no objections in 5 days


# 1.5 13-Sep-2015 sthen

Add Certplus CA root certificate:
C=FR, O=Certplus, CN=Class 2 Primary CA

req by beck@, ok miod@ beck@


Revision tags: OPENBSD_5_8_BASE
# 1.4 20-Jul-2015 steven

branches: 1.4.4;
add NetLock Kft. CA root certificate, already present in web browsers and
needed for fetching ports distfiles.
ok sthen@


# 1.3 17-Jun-2015 sthen

add DST Root CA X3 certificate, already present in most browser cert stores.
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@


# 1.2 04-May-2015 sthen

Add SwissSign CA root certificates. Requested by robert@, ok dcoppa@ aja@ miod@

