nss: rebuild to follow Arch

Chaoting Liu 2017-08-28 19:33:56 +01:00
parent f220e46cc3
commit 6295f48f45
10 changed files with 439 additions and 2156 deletions


@ -3,40 +3,44 @@
pkgbase=nss pkgbase=nss
pkgname=(nss ca-certificates-mozilla) pkgname=(nss ca-certificates-mozilla)
pkgver=3.32 pkgver=3.32
pkgrel=1 pkgrel=2
pkgdesc="Mozilla Network Security Services" pkgdesc="Network Security Services"
arch=('x86_64') url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
url="http://www.mozilla.org/projects/security/pki/nss/" arch=(i686 x86_64)
license=('MPL' 'GPL') license=(MPL GPL)
_nsprver=4.16 _nsprver=4.16
depends=("nspr>=${_nsprver}" 'sqlite3' 'zlib' 'sh' 'p11-kit') depends=("nspr>=${_nsprver}" sqlite3 zlib sh p11-kit)
makedepends=('perl' 'python2') makedepends=(perl python2 xmlto docbook-xsl gyp)
options=('!strip' '!makeflags' 'staticlibs') options=(!strip !makeflags staticlibs)
source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz" source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
certdata2pem.py certdata2pem.py bundle.sh nss.pc.in nss-config.in nss-config.xml enable-libpkix.patch no-plt.diff)
bundle.sh
nss.pc.in
nss-config.in)
sha256sums=('35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335' sha256sums=('35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335'
'880b10445a9472826698fd186ca870a6492c1bbd264bbeed95cbedc6ee6041b2' '512b12a2f13129be62c008b4df0153f527dd7d71c2c5183de99dfa2a1c49dd8a'
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180' 'e412463cfa32bd38a97c1c3664e70c8eb211b676d9192e45f44fbccb0422e87d'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd' 'f2208c4f70373ff9b60f53d733f8071d4e390c384b776dfc04bf26c306882faf'
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9') 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
'98ace873c63e8e870286bce3ed53249aa2655cc1f53e7049061476e650ab06f1'
'0b68c5ffbfeec090e950e5703e6b0519eafcb7eaf4fe2f64c355d0ddf17eed30'
'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
prepare() { prepare() {
mkdir certs mkdir certs path
ln -s /usr/bin/python2 path/python
echo -n "$(date +"%e %B %Y")" >date.xml
echo -n "$pkgver" >version.xml
xmlto man nss-config.xml
cd nss-$pkgver cd nss-$pkgver
# Respect LDFLAGS patch -Np1 -i ../enable-libpkix.patch
sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \ patch -Np2 -i ../no-plt.diff
-i nss/coreconf/rules.mk
ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/ ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/ ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
} }
build() { build() {
cd certs cd certs
python2 ../certdata2pem.py python2 ../certdata2pem.py
@ -45,26 +49,14 @@ build() {
sh bundle.sh sh bundle.sh
cd nss-$pkgver/nss cd nss-$pkgver/nss
export BUILD_OPT=1 PATH="$srcdir/path:$PATH" ./build.sh --opt --system-sqlite --system-nspr --disable-tests
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export NSPR_INCLUDE_DIR="`nspr-config --includedir`"
export NSPR_LIB_DIR="`nspr-config --libdir`"
export XCFLAGS="${CFLAGS}"
export USE_64=1
make -C coreconf
make -C lib/dbm
make
} }
package_nss() { package_nss() {
cd nss-$pkgver cd nss-$pkgver
install -d "$pkgdir"/usr/{bin,include/nss,lib/pkgconfig}
NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}') { read _vmajor; read _vminor; read _vpatch; } \
NSS_VMINOR=$(grep '#define.*NSS_VMINOR' nss/lib/nss/nss.h | awk '{print $3}') < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' nss/lib/nss/nss.h)
NSS_VPATCH=$(grep '#define.*NSS_VPATCH' nss/lib/nss/nss.h | awk '{print $3}')
sed ../nss.pc.in \ sed ../nss.pc.in \
-e "s,%libdir%,/usr/lib,g" \ -e "s,%libdir%,/usr/lib,g" \
@ -72,8 +64,8 @@ package_nss() {
-e "s,%exec_prefix%,/usr/bin,g" \ -e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \ -e "s,%includedir%,/usr/include/nss,g" \
-e "s,%NSPR_VERSION%,${_nsprver},g" \ -e "s,%NSPR_VERSION%,${_nsprver},g" \
-e "s,%NSS_VERSION%,${pkgver},g" \ -e "s,%NSS_VERSION%,${pkgver},g" |
> "$pkgdir/usr/lib/pkgconfig/nss.pc" install -Dm644 /dev/stdin "$pkgdir/usr/lib/pkgconfig/nss.pc"
ln -s nss.pc "$pkgdir/usr/lib/pkgconfig/mozilla-nss.pc" ln -s nss.pc "$pkgdir/usr/lib/pkgconfig/mozilla-nss.pc"
sed ../nss-config.in \ sed ../nss-config.in \
@ -81,33 +73,33 @@ package_nss() {
-e "s,@prefix@,/usr/bin,g" \ -e "s,@prefix@,/usr/bin,g" \
-e "s,@exec_prefix@,/usr/bin,g" \ -e "s,@exec_prefix@,/usr/bin,g" \
-e "s,@includedir@,/usr/include/nss,g" \ -e "s,@includedir@,/usr/include/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \ -e "s,@MOD_MAJOR_VERSION@,${_vmajor},g" \
-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \ -e "s,@MOD_MINOR_VERSION@,${_vminor},g" \
-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \ -e "s,@MOD_PATCH_VERSION@,${_vpatch},g" |
> "$pkgdir/usr/bin/nss-config" install -D /dev/stdin "$pkgdir/usr/bin/nss-config"
chmod 755 "$pkgdir/usr/bin/nss-config" install -Dt "$pkgdir/usr/share/man/man1" -m644 ../nss-config.1
cd dist/*.OBJ/bin cd nss/doc/nroff
install -t "$pkgdir/usr/bin" *util shlibsign signtool signver ssltap install -Dt "$pkgdir/usr/share/man/man1" -m644 *util.1 signtool.1 signver.1 ssltap.1
cd ../../../dist
install -Dt "$pkgdir/usr/include/nss" -m644 public/nss/*.h
cd Release/bin
install -Dt "$pkgdir/usr/bin" *util shlibsign signtool signver ssltap
cd ../lib cd ../lib
install -t "$pkgdir/usr/lib" *.so install -Dt "$pkgdir/usr/lib" *.so
install -t "$pkgdir/usr/lib" -m644 libcrmf.a *.chk install -Dt "$pkgdir/usr/lib" -m644 *.chk
cd ../../public/nss ln -sf libnssckbi-p11-kit.so "$pkgdir/usr/lib/libnssckbi.so"
install -t "$pkgdir/usr/include/nss" -m644 *.h
rm "$pkgdir/usr/lib/libnssckbi.so"
ln -s pkcs11/p11-kit-trust.so "$pkgdir/usr/lib/libnssckbi.so"
} }
package_ca-certificates-mozilla() { package_ca-certificates-mozilla() {
pkgdesc="Mozilla's set of trusted CA certificates" pkgdesc="Mozilla's set of trusted CA certificates"
depends=("ca-certificates-utils>=20140923-1") depends=(ca-certificates-utils)
install=ca-certificates-mozilla.install install=ca-certificates-mozilla.install
local _certdir="$pkgdir/usr/share/ca-certificates/trust-source" install -Dm644 ca-bundle.trust.p11-kit \
install -Dm644 ca-bundle.trust.crt "$_certdir/mozilla.trust.crt" "$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit"
install -Dm644 ca-bundle.neutral-trust.crt "$_certdir/mozilla.neutral-trust.crt"
install -Dm644 ca-bundle.supplement.p11-kit "$_certdir/mozilla.supplement.p11-kit"
} }
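Review bot: The last line of package_nss(), `ln -sf libnssckbi-p11-kit.so "$pkgdir/usr/lib/libnssckbi.so"`, replaces the built-in root module with a link to a file that nothing in this section installs, so it presumably has to come from p11-kit, yet `depends` now lists `p11-kit` with no minimum version. If the installed p11-kit does not ship that file, the link dangles and NSS clients would likely find no built-in trust anchors at run time, with nothing failing at build time. I would pin the dependency, e.g. `"p11-kit>=<FIRST_VERSION_SHIPPING_libnssckbi-p11-kit.so>"`, and add a comment above the link such as `# Replace built-in trust with the p11-kit trust module (file provided by p11-kit)`. The same concern applies to `depends=(ca-certificates-utils)` in package_ca-certificates-mozilla(), which drops the old `>=20140923-1` bound while switching the installed bundle to `mozilla.trust.p11-kit`.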


@ -1,624 +0,0 @@
--- security/nss/lib/ckfw/builtins/certdata.txt.orig 2012-08-19 16:22:51.726895174 +0200
+++ security/nss/lib/ckfw/builtins/certdata.txt 2012-08-19 17:40:41.233306703 +0200
@@ -24454,3 +24454,621 @@
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CAcert.org Class 1 Root CA"
+#
+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Serial Number: 0 (0x0)
+# Subject: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Not Valid Before: Sun Mar 30 12:29:49 2003
+# Not Valid After : Tue Mar 29 12:29:49 2033
+# Fingerprint (MD5): A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+# Fingerprint (SHA1): 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CAcert.org Class 1 Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
+\100\143\141\143\145\162\164\056\157\162\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
+\100\143\141\143\145\162\164\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\075\060\202\005\045\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
+\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157\164
+\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150\164
+\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164\056
+\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103\101
+\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101\165
+\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206\110
+\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164\100
+\143\141\143\145\162\164\056\157\162\147\060\036\027\015\060\063
+\060\063\063\060\061\062\062\071\064\071\132\027\015\063\063\060
+\063\062\071\061\062\062\071\064\071\132\060\171\061\020\060\016
+\006\003\125\004\012\023\007\122\157\157\164\040\103\101\061\036
+\060\034\006\003\125\004\013\023\025\150\164\164\160\072\057\057
+\167\167\167\056\143\141\143\145\162\164\056\157\162\147\061\042
+\060\040\006\003\125\004\003\023\031\103\101\040\103\145\162\164
+\040\123\151\147\156\151\156\147\040\101\165\164\150\157\162\151
+\164\171\061\041\060\037\006\011\052\206\110\206\367\015\001\011
+\001\026\022\163\165\160\160\157\162\164\100\143\141\143\145\162
+\164\056\157\162\147\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\316\042\300\342\106\175\354\066\050\007
+\120\226\362\240\063\100\214\113\361\073\146\077\061\345\153\002
+\066\333\326\174\366\361\210\217\116\167\066\005\101\225\371\011
+\360\022\317\106\206\163\140\267\156\176\350\300\130\144\256\315
+\260\255\105\027\014\143\372\147\012\350\326\322\277\076\347\230
+\304\360\114\372\340\003\273\065\135\154\041\336\236\040\331\272
+\315\146\062\067\162\372\367\010\365\307\315\130\311\216\347\016
+\136\352\076\376\034\241\024\012\025\154\206\204\133\144\146\052
+\172\251\113\123\171\365\210\242\173\356\057\012\141\053\215\262
+\176\115\126\245\023\354\352\332\222\236\254\104\101\036\130\140
+\145\005\146\370\300\104\275\313\224\367\102\176\013\367\145\150
+\230\121\005\360\363\005\221\004\035\033\027\202\354\310\127\273
+\303\153\172\210\361\260\162\314\045\133\040\221\354\026\002\022
+\217\062\351\027\030\110\320\307\005\056\002\060\102\270\045\234
+\005\153\077\252\072\247\353\123\110\367\350\322\266\007\230\334
+\033\306\064\177\177\311\034\202\172\005\130\053\010\133\363\070
+\242\253\027\135\146\311\230\327\236\020\213\242\322\335\164\232
+\367\161\014\162\140\337\315\157\230\063\235\226\064\166\076\044
+\172\222\260\016\225\036\157\346\240\105\070\107\252\327\101\355
+\112\267\022\366\327\033\203\212\017\056\330\011\266\131\327\252
+\004\377\322\223\175\150\056\335\213\113\253\130\272\057\215\352
+\225\247\240\303\124\211\245\373\333\213\121\042\235\262\303\276
+\021\276\054\221\206\213\226\170\255\040\323\212\057\032\077\306
+\320\121\145\207\041\261\031\001\145\177\105\034\207\365\174\320
+\101\114\117\051\230\041\375\063\037\165\014\004\121\372\031\167
+\333\324\024\034\356\201\303\035\365\230\267\151\006\221\042\335
+\000\120\314\201\061\254\022\007\173\070\332\150\133\346\053\324
+\176\311\137\255\350\353\162\114\363\001\345\113\040\277\232\246
+\127\312\221\000\001\213\241\165\041\067\265\143\015\147\076\106
+\117\160\040\147\316\305\326\131\333\002\340\360\322\313\315\272
+\142\267\220\101\350\335\040\344\051\274\144\051\102\310\042\334
+\170\232\377\103\354\230\033\011\121\113\132\132\302\161\361\304
+\313\163\251\345\241\013\002\003\001\000\001\243\202\001\316\060
+\202\001\312\060\035\006\003\125\035\016\004\026\004\024\026\265
+\062\033\324\307\363\340\346\216\363\275\322\260\072\356\262\071
+\030\321\060\201\243\006\003\125\035\043\004\201\233\060\201\230
+\200\024\026\265\062\033\324\307\363\340\346\216\363\275\322\260
+\072\356\262\071\030\321\241\175\244\173\060\171\061\020\060\016
+\006\003\125\004\012\023\007\122\157\157\164\040\103\101\061\036
+\060\034\006\003\125\004\013\023\025\150\164\164\160\072\057\057
+\167\167\167\056\143\141\143\145\162\164\056\157\162\147\061\042
+\060\040\006\003\125\004\003\023\031\103\101\040\103\145\162\164
+\040\123\151\147\156\151\156\147\040\101\165\164\150\157\162\151
+\164\171\061\041\060\037\006\011\052\206\110\206\367\015\001\011
+\001\026\022\163\165\160\160\157\162\164\100\143\141\143\145\162
+\164\056\157\162\147\202\001\000\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\062\006\003\125\035\037
+\004\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160
+\163\072\057\057\167\167\167\056\143\141\143\145\162\164\056\157
+\162\147\057\162\145\166\157\153\145\056\143\162\154\060\060\006
+\011\140\206\110\001\206\370\102\001\004\004\043\026\041\150\164
+\164\160\163\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\057\162\145\166\157\153\145\056\143\162\154\060
+\064\006\011\140\206\110\001\206\370\102\001\010\004\047\026\045
+\150\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162
+\164\056\157\162\147\057\151\156\144\145\170\056\160\150\160\077
+\151\144\075\061\060\060\126\006\011\140\206\110\001\206\370\102
+\001\015\004\111\026\107\124\157\040\147\145\164\040\171\157\165
+\162\040\157\167\156\040\143\145\162\164\151\146\151\143\141\164
+\145\040\146\157\162\040\106\122\105\105\040\150\145\141\144\040
+\157\166\145\162\040\164\157\040\150\164\164\160\072\057\057\167
+\167\167\056\143\141\143\145\162\164\056\157\162\147\060\015\006
+\011\052\206\110\206\367\015\001\001\004\005\000\003\202\002\001
+\000\050\307\356\234\202\002\272\134\200\022\312\065\012\035\201
+\157\211\152\231\314\362\150\017\177\247\341\215\130\225\076\275
+\362\006\303\220\132\254\265\140\366\231\103\001\243\210\160\234
+\235\142\235\244\207\257\147\130\015\060\066\073\346\255\110\323
+\313\164\002\206\161\076\342\053\003\150\361\064\142\100\106\073
+\123\352\050\364\254\373\146\225\123\212\115\135\375\073\331\140
+\327\312\171\151\073\261\145\222\246\306\201\202\134\234\315\353
+\115\001\212\245\337\021\125\252\025\312\037\067\300\202\230\160
+\141\333\152\174\226\243\216\056\124\076\117\041\251\220\357\334
+\202\277\334\350\105\255\115\220\163\010\074\224\145\260\004\231
+\166\177\342\274\302\152\025\252\227\004\067\044\330\036\224\116
+\155\016\121\276\326\304\217\312\226\155\367\103\337\350\060\145
+\047\073\173\273\103\103\143\304\103\367\262\354\150\314\341\031
+\216\042\373\230\341\173\132\076\001\067\073\213\010\260\242\363
+\225\116\032\313\233\315\232\261\333\262\160\360\055\112\333\330
+\260\343\157\105\110\063\022\377\376\074\062\052\124\367\304\367
+\212\360\210\043\302\107\376\144\172\161\300\321\036\246\143\260
+\007\176\244\057\323\001\217\334\237\053\266\306\010\251\017\223
+\110\045\374\022\375\237\102\334\363\304\076\366\127\260\327\335
+\151\321\006\167\064\012\113\322\312\240\377\034\306\214\311\026
+\276\304\314\062\067\150\163\137\010\373\121\367\111\123\066\005
+\012\225\002\114\362\171\032\020\366\330\072\165\234\363\035\361
+\242\015\160\147\206\033\263\026\365\057\345\244\353\171\206\371
+\075\013\302\163\013\245\231\254\157\374\147\270\345\057\013\246
+\030\044\215\173\321\110\065\051\030\100\254\223\140\341\226\206
+\120\264\172\131\330\217\041\013\237\317\202\221\306\073\277\153
+\334\007\221\271\227\126\043\252\266\154\224\306\110\006\074\344
+\316\116\252\344\366\057\011\334\123\157\056\374\164\353\072\143
+\231\302\246\254\211\274\247\262\104\240\015\212\020\343\154\362
+\044\313\372\233\237\160\107\056\336\024\213\324\262\040\011\226
+\242\144\361\044\034\334\241\065\234\025\262\324\274\125\056\175
+\006\365\234\016\125\364\132\326\223\332\166\255\045\163\114\305
+\103
+END
+
+# Trust for "CAcert.org Class 1 Root CA"
+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Serial Number: 0 (0x0)
+# Subject: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Not Valid Before: Sun Mar 30 12:29:49 2003
+# Not Valid After : Tue Mar 29 12:29:49 2033
+# Fingerprint (MD5): A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+# Fingerprint (SHA1): 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CAcert.org Class 1 Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\023\134\354\066\364\234\270\351\073\032\262\160\315\200\210\106
+\166\316\217\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\246\033\067\136\071\015\234\066\124\356\275\040\061\106\037\153
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
+\100\143\141\143\145\162\164\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CAcert.org Class 3 Root CA"
+#
+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Serial Number: 672138 (0xa418a)
+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
+# Not Valid Before: Mon May 23 17:48:02 2011
+# Not Valid After : Thu May 20 17:48:02 2021
+# Fingerprint (MD5): F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42
+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CAcert.org Class 3 Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\124\061\024\060\022\006\003\125\004\012\023\013\103\101\143
+\145\162\164\040\111\156\143\056\061\036\060\034\006\003\125\004
+\013\023\025\150\164\164\160\072\057\057\167\167\167\056\103\101
+\143\145\162\164\056\157\162\147\061\034\060\032\006\003\125\004
+\003\023\023\103\101\143\145\162\164\040\103\154\141\163\163\040
+\063\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
+\100\143\141\143\145\162\164\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\012\101\212
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\131\060\202\005\101\240\003\002\001\002\002\003\012
+\101\212\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157
+\157\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025
+\150\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162
+\164\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031
+\103\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040
+\101\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052
+\206\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162
+\164\100\143\141\143\145\162\164\056\157\162\147\060\036\027\015
+\061\061\060\065\062\063\061\067\064\070\060\062\132\027\015\062
+\061\060\065\062\060\061\067\064\070\060\062\132\060\124\061\024
+\060\022\006\003\125\004\012\023\013\103\101\143\145\162\164\040
+\111\156\143\056\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\103\101\143\145\162\164
+\056\157\162\147\061\034\060\032\006\003\125\004\003\023\023\103
+\101\143\145\162\164\040\103\154\141\163\163\040\063\040\122\157
+\157\164\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\253\111\065\021\110\174\322\046\176\123\224\317\103
+\251\335\050\327\102\052\213\363\207\170\031\130\174\017\236\332
+\211\175\341\373\353\162\220\015\164\241\226\144\253\237\240\044
+\231\163\332\342\125\166\307\027\173\365\004\254\106\270\303\276
+\177\144\215\020\154\044\363\141\234\300\362\220\372\121\346\365
+\151\001\143\303\017\126\342\112\102\317\342\104\214\045\050\250
+\305\171\011\175\106\271\212\363\351\363\064\051\010\105\344\034
+\237\313\224\004\034\201\250\024\263\230\145\304\103\354\116\202
+\215\011\321\275\252\133\215\222\320\354\336\220\305\177\012\302
+\343\353\346\061\132\136\164\076\227\063\131\350\303\003\075\140
+\063\277\367\321\157\107\304\315\356\142\203\122\156\056\010\232
+\244\331\025\030\221\246\205\222\107\260\256\110\353\155\267\041
+\354\205\032\150\162\065\253\377\360\020\135\300\364\224\247\152
+\325\073\222\176\114\220\005\176\223\301\054\213\244\216\142\164
+\025\161\156\013\161\003\352\257\025\070\232\324\322\005\162\157
+\214\371\053\353\132\162\045\371\071\106\343\162\033\076\004\303
+\144\047\042\020\052\212\117\130\247\003\255\276\264\056\023\355
+\135\252\110\327\325\175\324\052\173\134\372\106\004\120\344\314
+\016\102\133\214\355\333\362\317\374\226\223\340\333\021\066\124
+\142\064\070\217\014\140\233\073\227\126\070\255\363\322\133\213
+\240\133\352\116\226\270\174\327\325\240\206\160\100\323\221\051
+\267\242\074\255\365\214\273\317\032\222\212\344\064\173\300\330
+\154\137\351\012\302\303\247\040\232\132\337\054\135\122\134\272
+\107\325\233\357\044\050\160\070\040\057\325\177\051\300\262\101
+\003\150\222\314\340\234\314\227\113\105\357\072\020\012\253\160
+\072\230\225\160\255\065\261\352\205\053\244\034\200\041\061\251
+\256\140\172\200\046\110\000\270\001\300\223\143\125\042\221\074
+\126\347\257\333\072\045\363\217\061\124\352\046\213\201\131\371
+\241\321\123\021\305\173\235\003\366\164\021\340\155\261\054\077
+\054\206\221\231\161\232\246\167\213\064\140\321\024\264\054\254
+\235\257\214\020\323\237\304\152\370\157\023\374\163\131\367\146
+\102\164\036\212\343\370\334\322\157\230\234\313\107\230\225\100
+\005\373\351\002\003\001\000\001\243\202\002\015\060\202\002\011
+\060\035\006\003\125\035\016\004\026\004\024\165\250\161\140\114
+\210\023\360\170\331\211\167\265\155\305\211\337\274\261\172\060
+\201\243\006\003\125\035\043\004\201\233\060\201\230\200\024\026
+\265\062\033\324\307\363\340\346\216\363\275\322\260\072\356\262
+\071\030\321\241\175\244\173\060\171\061\020\060\016\006\003\125
+\004\012\023\007\122\157\157\164\040\103\101\061\036\060\034\006
+\003\125\004\013\023\025\150\164\164\160\072\057\057\167\167\167
+\056\143\141\143\145\162\164\056\157\162\147\061\042\060\040\006
+\003\125\004\003\023\031\103\101\040\103\145\162\164\040\123\151
+\147\156\151\156\147\040\101\165\164\150\157\162\151\164\171\061
+\041\060\037\006\011\052\206\110\206\367\015\001\011\001\026\022
+\163\165\160\160\157\162\164\100\143\141\143\145\162\164\056\157
+\162\147\202\001\000\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\135\006\010\053\006\001\005\005\007
+\001\001\004\121\060\117\060\043\006\010\053\006\001\005\005\007
+\060\001\206\027\150\164\164\160\072\057\057\157\143\163\160\056
+\103\101\143\145\162\164\056\157\162\147\057\060\050\006\010\053
+\006\001\005\005\007\060\002\206\034\150\164\164\160\072\057\057
+\167\167\167\056\103\101\143\145\162\164\056\157\162\147\057\143
+\141\056\143\162\164\060\112\006\003\125\035\040\004\103\060\101
+\060\077\006\010\053\006\001\004\001\201\220\112\060\063\060\061
+\006\010\053\006\001\005\005\007\002\001\026\045\150\164\164\160
+\072\057\057\167\167\167\056\103\101\143\145\162\164\056\157\162
+\147\057\151\156\144\145\170\056\160\150\160\077\151\144\075\061
+\060\060\064\006\011\140\206\110\001\206\370\102\001\010\004\047
+\026\045\150\164\164\160\072\057\057\167\167\167\056\103\101\143
+\145\162\164\056\157\162\147\057\151\156\144\145\170\056\160\150
+\160\077\151\144\075\061\060\060\120\006\011\140\206\110\001\206
+\370\102\001\015\004\103\026\101\124\157\040\147\145\164\040\171
+\157\165\162\040\157\167\156\040\143\145\162\164\151\146\151\143
+\141\164\145\040\146\157\162\040\106\122\105\105\054\040\147\157
+\040\164\157\040\150\164\164\160\072\057\057\167\167\167\056\103
+\101\143\145\162\164\056\157\162\147\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\002\001\000\051\050\205
+\256\104\251\271\257\244\171\023\360\250\243\053\227\140\363\134
+\356\343\057\301\366\342\146\240\021\256\066\067\072\166\025\004
+\123\352\102\365\371\352\300\025\330\246\202\331\344\141\256\162
+\013\051\134\220\103\350\101\262\341\167\333\002\023\104\170\107
+\125\257\130\374\314\230\366\105\271\321\040\370\330\041\007\376
+\155\252\163\324\263\306\007\351\011\205\314\073\362\266\276\054
+\034\045\325\161\214\071\265\056\352\276\030\201\272\260\223\270
+\017\343\346\327\046\214\061\132\162\003\204\122\346\246\365\063
+\042\105\012\310\013\015\212\270\066\157\220\011\241\253\275\327
+\325\116\056\161\242\324\256\372\247\124\053\353\065\215\132\267
+\124\210\057\356\164\237\355\110\026\312\015\110\320\224\323\254
+\244\242\366\044\337\222\343\275\353\103\100\221\156\034\030\216
+\126\264\202\022\363\251\223\237\324\274\234\255\234\165\356\132
+\227\033\225\347\164\055\034\017\260\054\227\237\373\251\063\071
+\172\347\003\072\222\216\042\366\214\015\344\331\176\015\166\030
+\367\001\371\357\226\226\242\125\163\300\074\161\264\035\032\126
+\103\267\303\012\215\162\374\342\020\011\013\101\316\214\224\240
+\371\003\375\161\163\113\212\127\063\345\216\164\176\025\001\000
+\346\314\112\034\347\177\225\031\055\305\245\014\213\273\265\355
+\205\263\134\323\337\270\271\362\312\307\015\001\024\254\160\130
+\305\214\215\063\324\235\146\243\032\120\225\043\374\110\340\006
+\103\022\331\315\247\206\071\057\066\162\243\200\020\344\341\363
+\321\313\133\032\300\344\200\232\174\023\163\006\117\333\243\153
+\044\012\272\263\034\274\112\170\273\345\343\165\070\245\110\247
+\242\036\257\166\324\136\367\070\206\126\132\211\316\326\303\247
+\171\262\122\240\306\361\205\264\045\214\362\077\226\263\020\331
+\215\154\127\073\237\157\206\072\030\202\042\066\310\260\221\070
+\333\052\241\223\252\204\077\365\047\145\256\163\325\310\325\323
+\167\352\113\235\307\101\273\307\300\343\240\077\344\175\244\215
+\163\346\022\113\337\241\163\163\163\072\200\350\325\313\216\057
+\313\352\023\247\326\101\213\254\372\074\211\327\044\365\116\264
+\340\141\222\267\363\067\230\304\276\226\243\267\212
+END
+
+# Trust for "CAcert.org Class 3 Root CA"
+# Issuer: E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
+# Serial Number: 672138 (0xa418a)
+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
+# Not Valid Before: Mon May 23 17:48:02 2011
+# Not Valid After : Thu May 20 17:48:02 2021
+# Fingerprint (MD5): F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42
+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CAcert.org Class 3 Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\255\174\077\144\374\104\071\376\364\351\013\350\364\174\154\372
+\212\255\375\316
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\367\045\022\202\116\147\265\320\215\222\267\174\013\206\172\102
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157
+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150
+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164
+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103
+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101
+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206
+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164
+\100\143\141\143\145\162\164\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\012\101\212
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Software in the Public Interest"
+#
+# Issuer: E=hostmaster@spi-inc.org,CN=Certificate Authority,OU=hostmaster,O=Software in the Public Interest,L=Indianapolis,ST=Indiana,C=US
+# Serial Number:00:e8:8e:b6:c9:f8:2a:14:28
+# Subject: E=hostmaster@spi-inc.org,CN=Certificate Authority,OU=hostmaster,O=Software in the Public Interest,L=Indianapolis,ST=Indiana,C=US
+# Not Valid Before: Tue May 13 08:07:56 2008
+# Not Valid After : Fri May 11 08:07:56 2018
+# Fingerprint (MD5): 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78
+# Fingerprint (SHA1): AF:70:88:43:83:82:02:15:CD:61:C6:BC:EC:FD:37:24:A9:90:43:1C
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Software in the Public Interest"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141
+\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144
+\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125
+\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040
+\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162
+\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157
+\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004
+\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206
+\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163
+\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141
+\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144
+\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125
+\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040
+\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162
+\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157
+\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004
+\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206
+\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163
+\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\350\216\266\311\370\052\024\050
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\010\016\060\202\005\366\240\003\002\001\002\002\011\000
+\350\216\266\311\370\052\024\050\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\201\274\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\020\060\016\006\003\125\004\010
+\023\007\111\156\144\151\141\156\141\061\025\060\023\006\003\125
+\004\007\023\014\111\156\144\151\141\156\141\160\157\154\151\163
+\061\050\060\046\006\003\125\004\012\023\037\123\157\146\164\167
+\141\162\145\040\151\156\040\164\150\145\040\120\165\142\154\151
+\143\040\111\156\164\145\162\145\163\164\061\023\060\021\006\003
+\125\004\013\023\012\150\157\163\164\155\141\163\164\145\162\061
+\036\060\034\006\003\125\004\003\023\025\103\145\162\164\151\146
+\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\061
+\045\060\043\006\011\052\206\110\206\367\015\001\011\001\026\026
+\150\157\163\164\155\141\163\164\145\162\100\163\160\151\055\151
+\156\143\056\157\162\147\060\036\027\015\060\070\060\065\061\063
+\060\070\060\067\065\066\132\027\015\061\070\060\065\061\061\060
+\070\060\067\065\066\132\060\201\274\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023
+\007\111\156\144\151\141\156\141\061\025\060\023\006\003\125\004
+\007\023\014\111\156\144\151\141\156\141\160\157\154\151\163\061
+\050\060\046\006\003\125\004\012\023\037\123\157\146\164\167\141
+\162\145\040\151\156\040\164\150\145\040\120\165\142\154\151\143
+\040\111\156\164\145\162\145\163\164\061\023\060\021\006\003\125
+\004\013\023\012\150\157\163\164\155\141\163\164\145\162\061\036
+\060\034\006\003\125\004\003\023\025\103\145\162\164\151\146\151
+\143\141\164\145\040\101\165\164\150\157\162\151\164\171\061\045
+\060\043\006\011\052\206\110\206\367\015\001\011\001\026\026\150
+\157\163\164\155\141\163\164\145\162\100\163\160\151\055\151\156
+\143\056\157\162\147\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\334\066\346\107\102\302\304\121\165\051
+\207\100\303\330\216\041\006\322\030\116\353\357\040\275\220\074
+\205\020\023\214\051\133\224\143\366\364\055\361\006\102\221\271
+\031\304\102\151\010\277\213\066\105\352\050\005\063\111\110\240
+\047\103\223\065\212\101\330\170\263\360\357\263\156\055\335\321
+\313\175\352\364\165\046\323\076\220\072\356\327\347\054\004\265
+\174\341\365\174\305\116\357\167\275\134\242\223\063\222\316\175
+\201\110\317\153\265\042\054\010\203\375\323\325\317\073\055\375
+\265\111\220\133\366\255\115\023\312\336\323\246\235\123\121\161
+\143\106\370\112\026\134\230\356\055\155\232\026\241\166\220\342
+\140\103\231\326\211\326\154\056\172\230\262\013\003\054\343\172
+\117\307\335\343\314\343\112\152\215\171\122\372\364\301\257\056
+\217\052\010\313\033\051\202\222\162\103\274\316\210\251\252\247
+\212\121\103\125\205\232\067\003\170\223\310\360\275\264\101\310
+\007\102\232\313\065\227\172\212\201\145\336\035\124\010\001\361
+\144\134\267\027\032\121\274\036\303\131\207\166\030\026\230\356
+\277\366\147\201\213\006\065\305\113\155\131\031\307\322\306\110
+\276\156\024\050\203\112\020\234\033\365\157\274\251\216\365\151
+\376\262\301\125\314\347\024\311\371\133\024\123\121\007\352\316
+\075\344\117\050\037\074\141\011\327\063\322\156\247\156\324\307
+\023\011\157\153\135\024\356\235\211\033\245\152\362\366\370\320
+\162\216\352\162\037\057\064\152\051\012\305\012\354\034\100\205
+\022\367\246\245\323\117\255\300\205\214\114\174\163\040\314\123
+\030\361\262\130\114\001\365\277\352\144\325\134\071\305\316\154
+\314\123\132\126\272\101\017\045\337\153\120\266\307\212\240\275
+\002\302\305\073\125\245\262\144\042\204\121\050\126\256\061\356
+\136\373\013\026\115\106\005\221\200\104\355\254\155\360\127\250
+\372\353\141\110\240\313\033\263\037\216\315\305\041\167\003\204
+\036\374\254\243\103\010\143\214\355\371\047\357\264\260\135\147
+\326\117\355\320\213\076\135\133\311\221\275\226\002\204\075\305
+\115\274\102\077\164\375\074\135\254\134\110\066\136\207\061\057
+\030\154\304\150\356\241\213\311\131\320\030\343\000\200\263\124
+\047\056\231\360\025\123\002\003\001\000\001\243\202\002\017\060
+\202\002\013\060\035\006\003\125\035\016\004\026\004\024\064\161
+\321\070\327\025\066\203\107\153\327\067\144\102\073\216\215\122
+\235\253\060\201\361\006\003\125\035\043\004\201\351\060\201\346
+\200\024\064\161\321\070\327\025\066\203\107\153\327\067\144\102
+\073\216\215\122\235\253\241\201\302\244\201\277\060\201\274\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\020\060\016
+\006\003\125\004\010\023\007\111\156\144\151\141\156\141\061\025
+\060\023\006\003\125\004\007\023\014\111\156\144\151\141\156\141
+\160\157\154\151\163\061\050\060\046\006\003\125\004\012\023\037
+\123\157\146\164\167\141\162\145\040\151\156\040\164\150\145\040
+\120\165\142\154\151\143\040\111\156\164\145\162\145\163\164\061
+\023\060\021\006\003\125\004\013\023\012\150\157\163\164\155\141
+\163\164\145\162\061\036\060\034\006\003\125\004\003\023\025\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171\061\045\060\043\006\011\052\206\110\206\367\015
+\001\011\001\026\026\150\157\163\164\155\141\163\164\145\162\100
+\163\160\151\055\151\156\143\056\157\162\147\202\011\000\350\216
+\266\311\370\052\024\050\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206
+\370\102\001\001\004\004\003\002\000\007\060\011\006\003\125\035
+\022\004\002\060\000\060\056\006\011\140\206\110\001\206\370\102
+\001\015\004\041\026\037\123\157\146\164\167\141\162\145\040\151
+\156\040\164\150\145\040\120\165\142\154\151\143\040\111\156\164
+\145\162\145\163\164\060\060\006\011\140\206\110\001\206\370\102
+\001\004\004\043\026\041\150\164\164\160\163\072\057\057\143\141
+\056\163\160\151\055\151\156\143\056\157\162\147\057\143\141\055
+\143\162\154\056\160\145\155\060\062\006\011\140\206\110\001\206
+\370\102\001\003\004\045\026\043\150\164\164\160\163\072\057\057
+\143\141\056\163\160\151\055\151\156\143\056\157\162\147\057\143
+\145\162\164\055\143\162\154\056\160\145\155\060\041\006\003\125
+\035\021\004\032\060\030\201\026\150\157\163\164\155\141\163\164
+\145\162\100\163\160\151\055\151\156\143\056\157\162\147\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002
+\001\000\264\315\275\340\271\352\262\003\053\176\062\351\336\162
+\077\311\113\202\136\235\342\257\125\011\242\014\124\350\317\030
+\074\050\040\035\251\273\003\002\057\122\071\042\371\027\317\255
+\147\220\263\003\177\330\025\343\153\176\273\233\126\001\257\065
+\324\332\271\307\147\027\233\324\325\016\067\263\040\101\056\014
+\001\304\133\371\145\076\302\141\350\322\360\152\225\160\303\306
+\157\325\065\244\254\131\162\341\211\337\241\240\235\044\275\051
+\171\351\141\052\331\323\036\311\106\244\010\170\101\222\162\017
+\253\024\165\355\011\360\242\360\134\357\303\012\142\040\267\302
+\050\146\256\114\057\056\217\105\143\046\226\360\356\061\346\213
+\125\233\252\072\371\202\071\035\210\074\342\007\165\032\341\017
+\261\060\274\161\062\322\072\376\372\241\211\363\103\054\326\162
+\304\171\247\025\110\005\300\330\055\162\002\343\313\075\026\152
+\272\311\270\021\020\342\111\205\314\226\107\140\005\045\056\357
+\165\131\063\365\107\031\026\357\332\154\137\007\310\246\120\266
+\035\313\146\064\045\374\146\203\353\305\266\060\101\370\106\104
+\142\250\301\014\124\346\352\114\132\050\346\256\306\267\376\177
+\073\226\250\056\356\307\150\076\335\000\075\051\257\052\143\253
+\137\356\111\052\055\305\334\373\321\306\323\321\227\126\122\206
+\266\224\353\324\140\121\267\374\036\233\314\002\233\324\037\217
+\371\112\217\266\056\050\073\027\314\305\246\005\343\322\323\265
+\306\003\311\341\110\102\233\313\077\344\027\340\376\015\001\225
+\011\272\270\015\161\344\011\160\167\102\330\115\341\102\251\140
+\203\327\027\211\103\322\324\335\247\030\266\253\324\044\045\207
+\265\324\342\374\056\042\151\275\255\150\054\377\162\265\230\252
+\006\234\347\052\152\270\241\223\166\316\260\363\177\234\341\340
+\117\270\330\206\106\245\063\002\054\045\141\067\052\222\310\254
+\201\164\150\143\207\063\166\275\005\177\136\325\325\002\155\275
+\257\377\052\132\252\111\354\230\171\107\123\221\366\016\064\132
+\311\245\306\353\262\343\305\254\266\240\160\065\273\310\121\151
+\320\362\265\242\062\156\274\077\240\067\071\174\161\066\246\005
+\337\014\022\344\026\247\305\326\313\143\243\225\160\077\346\004
+\243\140
+END
+
+# Trust for "Software in the Public Interest"
+# Issuer: E=hostmaster@spi-inc.org,CN=Certificate Authority,OU=hostmaster,O=Software in the Public Interest,L=Indianapolis,ST=Indiana,C=US
+# Serial Number:00:e8:8e:b6:c9:f8:2a:14:28
+# Subject: E=hostmaster@spi-inc.org,CN=Certificate Authority,OU=hostmaster,O=Software in the Public Interest,L=Indianapolis,ST=Indiana,C=US
+# Not Valid Before: Tue May 13 08:07:56 2008
+# Not Valid After : Fri May 11 08:07:56 2018
+# Fingerprint (MD5): 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78
+# Fingerprint (SHA1): AF:70:88:43:83:82:02:15:CD:61:C6:BC:EC:FD:37:24:A9:90:43:1C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Software in the Public Interest"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\257\160\210\103\203\202\002\025\315\141\306\274\354\375\067\044
+\251\220\103\034
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\052\107\237\140\273\203\164\157\001\003\327\013\015\366\015\170
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141
+\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144
+\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125
+\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040
+\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162
+\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157
+\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004
+\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206
+\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163
+\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\350\216\266\311\370\052\024\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE


@ -5,11 +5,8 @@
cat <<EOF cat <<EOF
# This is a bundle of X.509 certificates of public Certificate # This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list. # Authorities. It was generated from the Mozilla root CA list.
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE" # These certificates and trust/distrust attributes use the file format accepted
# format and have trust bits set accordingly. # by the p11-kit-trust module.
# An exception are auxiliary certificates, without positive or negative
# trust, but are used to assist in finding a preferred trust path.
# Those neutral certificates use the plain BEGIN CERTIFICATE format.
# #
# Source: nss/lib/ckfw/builtins/certdata.txt # Source: nss/lib/ckfw/builtins/certdata.txt
# Source: nss/lib/ckfw/builtins/nssckbi.h # Source: nss/lib/ckfw/builtins/nssckbi.h
@ -18,37 +15,8 @@
EOF EOF
cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}' cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}'
echo '#' echo '#'
) > ca-bundle.trust.crt ) > ca-bundle.trust.p11-kit
for f in certs/*.crt; do
echo "processing $f"
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
distbits=`sed -n '/^# openssl-distrust/{s/^.*=//;p;}' $f`
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
targs=""
if [ -n "$tbits" ]; then
for t in $tbits; do
targs="${targs} -addtrust $t"
done
fi
if [ -n "$distbits" ]; then
for t in $distbits; do
targs="${targs} -addreject $t"
done
fi
if [ -n "$targs" ]; then
echo "trust flags $targs for $f" >> info.trust
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ca-bundle.trust.crt
else
echo "no trust flags for $f" >> info.notrust
# p11-kit-trust defines empty trust lists as "rejected for all purposes".
# That's why we use the simple file format
# (BEGIN CERTIFICATE, no trust information)
# because p11-kit-trust will treat it as a certificate with neutral trust.
# This means we cannot use the -setalias feature for neutral trust certs.
openssl x509 -text -in "$f" >> ca-bundle.neutral-trust.crt
fi
done
for p in certs/*.p11-kit; do for p in certs/*.tmp-p11-kit; do
cat "$p" >> ca-bundle.supplement.p11-kit cat "$p" >> ca-bundle.trust.p11-kit
done done
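Review bot: The final loop, `for p in certs/*.tmp-p11-kit; do cat "$p" >> ca-bundle.trust.p11-kit`, has no guard for a glob that matches nothing. The shell then hands the literal pattern to `cat`, which fails, and unless `set -e` is set above this hunk (not visible here) the script carries on and leaves a bundle holding only the comment header. This file appears to be the CA trust bundle shipped by the ca-certificates-mozilla package, so an empty result should stop the build: add `[ -e "$p" ] || { echo "no .tmp-p11-kit inputs in certs/" >&2; exit 1; }` as the first line of the loop body.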


@ -27,6 +27,7 @@ import re
import sys import sys
import textwrap import textwrap
import urllib import urllib
import subprocess
objects = [] objects = []
@ -113,6 +114,17 @@ def obj_to_filename(obj):
serial = printable_serial(obj) serial = printable_serial(obj)
return label + ":" + serial return label + ":" + serial
def write_cert_ext_to_file(f, oid, value, public_key):
f.write("[p11-kit-object-v1]\n")
f.write("label: ");
f.write(tobj['CKA_LABEL'])
f.write("\n")
f.write("class: x-certificate-extension\n");
f.write("object-id: " + oid + "\n")
f.write("value: \"" + value + "\"\n")
f.write("modifiable: false\n");
f.write(public_key)
trust_types = { trust_types = {
"CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature", "CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature",
"CKA_TRUST_NON_REPUDIATION": "non-repudiation", "CKA_TRUST_NON_REPUDIATION": "non-repudiation",
@ -132,6 +144,18 @@ trust_types = {
"CKA_TRUST_STEP_UP_APPROVED": "step-up-approved", "CKA_TRUST_STEP_UP_APPROVED": "step-up-approved",
} }
legacy_trust_types = {
"LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth",
"LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing",
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection",
}
legacy_to_real_trust_types = {
"LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH",
"LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING",
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION",
}
openssl_trust = { openssl_trust = {
"CKA_TRUST_SERVER_AUTH": "serverAuth", "CKA_TRUST_SERVER_AUTH": "serverAuth",
"CKA_TRUST_CLIENT_AUTH": "clientAuth", "CKA_TRUST_CLIENT_AUTH": "clientAuth",
@ -147,6 +171,8 @@ for tobj in objects:
distrustbits = [] distrustbits = []
openssl_trustflags = [] openssl_trustflags = []
openssl_distrustflags = [] openssl_distrustflags = []
legacy_trustbits = []
legacy_openssl_trustflags = []
for t in trust_types.keys(): for t in trust_types.keys():
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
trustbits.append(t) trustbits.append(t)
@ -157,29 +183,180 @@ for tobj in objects:
if t in openssl_trust: if t in openssl_trust:
openssl_distrustflags.append(openssl_trust[t]) openssl_distrustflags.append(openssl_trust[t])
for t in legacy_trust_types.keys():
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
real_t = legacy_to_real_trust_types[t]
legacy_trustbits.append(real_t)
if real_t in openssl_trust:
legacy_openssl_trustflags.append(openssl_trust[real_t])
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
raise NotImplementedError, 'legacy distrust not supported.\n' + line
fname = obj_to_filename(tobj) fname = obj_to_filename(tobj)
try: try:
obj = certmap[key] obj = certmap[key]
except: except:
obj = None obj = None
if obj != None: # optional debug code, that dumps the parsed input to files
fname += ".crt" #fulldump = "dump-" + fname
else: #dumpf = open(fulldump, 'w')
fname += ".p11-kit" #dumpf.write(str(obj));
#dumpf.write(str(tobj));
#dumpf.close();
f = open(fname, 'w') is_legacy = 0
if obj != None: if tobj.has_key('LEGACY_CKA_TRUST_SERVER_AUTH') or tobj.has_key('LEGACY_CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('LEGACY_CKA_TRUST_CODE_SIGNING'):
is_legacy = 1
if obj == None:
raise NotImplementedError, 'found legacy trust without certificate.\n' + line
legacy_fname = "legacy-default/" + fname + ".crt"
f = open(legacy_fname, 'w')
f.write("# alias=%s\n"%tobj['CKA_LABEL']) f.write("# alias=%s\n"%tobj['CKA_LABEL'])
f.write("# trust=" + " ".join(trustbits) + "\n") f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
f.write("# distrust=" + " ".join(distrustbits) + "\n") if legacy_openssl_trustflags:
if openssl_trustflags: f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
if openssl_distrustflags:
f.write("# openssl-distrust=" + " ".join(openssl_distrustflags) + "\n")
f.write("-----BEGIN CERTIFICATE-----\n") f.write("-----BEGIN CERTIFICATE-----\n")
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
f.write("\n-----END CERTIFICATE-----\n") f.write("\n-----END CERTIFICATE-----\n")
f.close()
if tobj.has_key('CKA_TRUST_SERVER_AUTH') or tobj.has_key('CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('CKA_TRUST_CODE_SIGNING'):
legacy_fname = "legacy-disable/" + fname + ".crt"
f = open(legacy_fname, 'w')
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
f.write("# trust=" + " ".join(trustbits) + "\n")
if openssl_trustflags:
f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
f.write("-----BEGIN CERTIFICATE-----\n")
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
f.write("\n-----END CERTIFICATE-----\n")
f.close()
# don't produce p11-kit output for legacy certificates
continue
pk = ''
cert_comment = ''
if obj != None:
# must extract the public key from the cert, let's use openssl
cert_fname = "cert-" + fname
fc = open(cert_fname, 'w')
fc.write("-----BEGIN CERTIFICATE-----\n")
fc.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
fc.write("\n-----END CERTIFICATE-----\n")
fc.close();
pk_fname = "pubkey-" + fname
fpkout = open(pk_fname, "w")
dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"]
subprocess.call(dump_pk_command, stdout=fpkout)
fpkout.close()
with open (pk_fname, "r") as myfile:
pk=myfile.read()
# obtain certificate information suitable as a comment
comment_fname = "comment-" + fname
fcout = open(comment_fname, "w")
comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"]
subprocess.call(comment_command, stdout=fcout)
fcout.close()
sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
subprocess.call(sed_command)
with open (comment_fname, "r") as myfile:
cert_comment=myfile.read()
fname += ".tmp-p11-kit"
f = open(fname, 'w')
if obj != None:
is_distrusted = False
has_server_trust = False
has_email_trust = False
has_code_trust = False
if tobj.has_key('CKA_TRUST_SERVER_AUTH'):
if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
is_distrusted = True
elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
has_server_trust = True
if tobj.has_key('CKA_TRUST_EMAIL_PROTECTION'):
if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
is_distrusted = True
elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
has_email_trust = True
if tobj.has_key('CKA_TRUST_CODE_SIGNING'):
if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
is_distrusted = True
elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
has_code_trust = True
if is_distrusted:
trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1"
trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
trust_ext_oid = "2.5.29.37"
if has_server_trust:
if has_email_trust:
if has_code_trust:
# server + email + code
trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
else:
# server + email
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
else:
if has_code_trust:
# server + code
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
else:
# server
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
else:
if has_email_trust:
if has_code_trust:
# email + code
trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
else:
# email
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
else:
if has_code_trust:
# code
trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
else:
# none
trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
# no 2.5.29.37 for neutral certificates
if (is_distrusted or has_server_trust or has_email_trust or has_code_trust):
write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
pk = ''
f.write("\n")
f.write("[p11-kit-object-v1]\n")
f.write("label: ");
f.write(tobj['CKA_LABEL'])
f.write("\n")
if is_distrusted:
f.write("x-distrusted: true\n")
elif has_server_trust or has_email_trust or has_code_trust:
f.write("trusted: true\n")
else:
f.write("trusted: false\n")
# requires p11-kit >= 0.23.4
f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n");
f.write("-----BEGIN CERTIFICATE-----\n")
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
f.write("\n-----END CERTIFICATE-----\n")
f.write(cert_comment)
f.write("\n")
else: else:
f.write("[p11-kit-object-v1]\n") f.write("[p11-kit-object-v1]\n")
f.write("label: "); f.write("label: ");
@ -187,6 +364,7 @@ for tobj in objects:
f.write("\n") f.write("\n")
f.write("class: certificate\n") f.write("class: certificate\n")
f.write("certificate-type: x-509\n") f.write("certificate-type: x-509\n")
f.write("modifiable: false\n");
f.write("issuer: \""); f.write("issuer: \"");
f.write(urllib.quote(tobj['CKA_ISSUER'])); f.write(urllib.quote(tobj['CKA_ISSUER']));
f.write("\"\n") f.write("\"\n")
@ -196,5 +374,5 @@ for tobj in objects:
if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'): if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
f.write("x-distrusted: true\n") f.write("x-distrusted: true\n")
f.write("\n\n") f.write("\n\n")
f.close() f.close()
print " -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags) print " -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags)
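Review bot: Both `subprocess.call` invocations of `openssl x509` (the `-pubkey` dump and the `-text` dump), and the `sed` call after them, discard the exit status. If `openssl` is missing or rejects a certificate, `pk` is read back as an empty string and `write_cert_ext_to_file` still writes the `x-certificate-extension` stanza with no public key attached, so a trust or distrust record can come out malformed without the build failing. Use `subprocess.check_call(dump_pk_command, stdout=fpkout)`, and likewise for `comment_command` and `sed_command`, so a failed extraction aborts generation. The enclosing `for tobj in objects:` loop starts outside these hunks.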

12
nss/enable-libpkix.patch Normal file

@ -0,0 +1,12 @@
diff -u -r nss-3.31/nss/build.sh nss-3.31-libpkix/nss/build.sh
--- nss-3.31/nss/build.sh 2017-06-08 12:53:01.000000000 +0200
+++ nss-3.31-libpkix/nss/build.sh 2017-06-09 19:11:21.746133040 +0200
@@ -52,7 +52,7 @@
no_local_nspr=0
armhf=0
-gyp_params=(--depth="$cwd" --generator-output=".")
+gyp_params=(--depth="$cwd" --generator-output="." -Ddisable_libpkix=0)
nspr_params=()
ninja_params=()
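Review bot: The patch file has no header saying why libpkix is switched on, unlike the renegotiation patch removed in this same commit, which explained its change in prose. `-Ddisable_libpkix=0` changes which certificate path-validation code is compiled into NSS, so a short rationale above the `diff -u -r` line would help the next maintainer, for example `Build libpkix, as Arch does; the gyp build appears to leave it disabled by default.` The patch paths also name nss-3.31 while the package builds 3.32, so it is worth confirming that it still applies without fuzz.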

File diff suppressed because it is too large Load Diff

48
nss/no-plt.diff Normal file

@ -0,0 +1,48 @@
diff --git i/security/nss/lib/freebl/mpi/mpi_x86.s w/security/nss/lib/freebl/mpi/mpi_x86.s
index 8f7e2130c3264754..b3ca1ce5b41b3771 100644
--- i/security/nss/lib/freebl/mpi/mpi_x86.s
+++ w/security/nss/lib/freebl/mpi/mpi_x86.s
@@ -22,22 +22,41 @@ is_sse: .long -1
#
.ifndef NO_PIC
.macro GET var,reg
- movl \var@GOTOFF(%ebx),\reg
+ call thunk.ax
+ addl $_GLOBAL_OFFSET_TABLE_, %eax
+ movl \var@GOTOFF(%eax),\reg
.endm
.macro PUT reg,var
- movl \reg,\var@GOTOFF(%ebx)
+ call thunk.dx
+ addl $_GLOBAL_OFFSET_TABLE_, %edx
+ movl \reg,\var@GOTOFF(%edx)
.endm
.else
.macro GET var,reg
movl \var,\reg
.endm
.macro PUT reg,var
movl \reg,\var
.endm
.endif
.text
+.ifndef NO_PIC
+.globl thunk.ax
+.hidden thunk.ax
+.type thunk.ax, @function
+thunk.ax:
+ movl (%esp),%eax
+ ret
+
+.globl thunk.dx
+.hidden thunk.dx
+.type thunk.dx, @function
+thunk.dx:
+ movl (%esp),%edx
+ ret
+.endif
# ebp - 36: caller's esi
# ebp - 32: caller's edi
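Review bot: In PIC builds `GET` now overwrites `%eax` and `PUT` overwrites `%edx` on every expansion, where the old macros only read `%ebx`. A call site that passes `%edx` as `reg` to `PUT` would store the GOT address instead of the intended value, and a site that keeps a live value in `%eax` across `GET` (or in `%edx` across `PUT`) would lose it. The call sites are outside this hunk, so this needs checking against the rest of mpi_x86.s. A comment on each macro would record the new contract, e.g. `# PIC: clobbers %eax` above `GET` and `# PIC: clobbers %edx; reg must not be %edx` above `PUT`.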

132
nss/nss-config.xml Normal file

@ -0,0 +1,132 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="nss-config">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>nss-config</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>nss-config</refname>
<refpurpose>Return meta information about nss libraries</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nss-config</command>
<arg><option>--prefix</option></arg>
<arg><option>--exec-prefix</option></arg>
<arg><option>--includedir</option></arg>
<arg><option>--libs</option></arg>
<arg><option>--cflags</option></arg>
<arg><option>--libdir</option></arg>
<arg><option>--version</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>nss-config</command> is a shell scrip
tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--prefix</option></term>
<listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--exec-prefix</option></term>
<listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--includedir</option> <replaceable>count</replaceable></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--version</option></term>
<listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libs</option></term>
<listitem><simpara>returns the compiler linking flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--cflags</option></term>
<listitem><simpara>returns the compiler include flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libdir</option></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for both include path and linkage flags:
<programlisting>
/usr/bin/nss-config --cflags --libs
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/nss-config</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>
Authors: Elio Maldonado &lt;emaldona@redhat.com>.
</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>


@ -7,5 +7,5 @@ Name: NSS
Description: Network Security Services Description: Network Security Services
Version: %NSS_VERSION% Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION% Requires: nspr >= %NSPR_VERSION%
Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
Cflags: -I${includedir} Cflags: -I${includedir}


@ -1,21 +0,0 @@
Enable transitional scheme for ssl renegotiation:
(from mozilla/security/nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
index f1d1921..c074360 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
};