71 Commits

Author SHA1 Message Date
Xi Ruoyao
d3562bc2f0
verify hg.mozilla.org with bundled CA root
Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without a trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.
2022-01-31 19:07:08 +08:00
DJ Lucas
3093851fdd
Update CHANGELOG 2022-01-10 00:17:38 -06:00
Xi Ruoyao
151af87198
make-ca: use --filter=ca-anchors for all stores
Fixes #19.
2022-01-09 00:00:22 +08:00
DJ Lucas
6d1c729972 CHANGELOG: all current updates. 2021-09-16 18:56:59 -05:00
DJ Lucas
aacfcb6b69 make-ca,CHANGELOG: Post-release version bump. 2021-08-29 23:46:04 -05:00
DJ Lucas
79082f4814 Changelog 2021-08-29 23:32:18 -05:00
DJ Lucas
b138f67112 make-ca: Backup and restore anchors with PKIX extensions. 2021-08-09 22:14:46 -05:00
DJ Lucas
c41b7f3d4b Makefile,make-ca: Use Microsoft's trust for code signing with -i | --mscodesign. 2021-08-08 11:03:12 -05:00
DJ Lucas
6e7e5a391c CHANGELOG: yet another typo. 2021-08-07 20:01:19 -05:00
DJ Lucas
5d764d2756 CHANGELOG: typo 2021-08-07 19:59:16 -05:00
DJ Lucas
3fc0a03bb5 :-) Properly thank miijoost for forcing me to fix all of the issues in get_p11_label(). 2021-08-07 19:58:24 -05:00
DJ Lucas
47d1fea7c4 CHANGELOG: clarify changes. 2021-08-07 19:53:35 -05:00
DJ Lucas
94c44961b8 make-ca: Revert change to use p11label for naming anchors. 2021-08-07 19:37:23 -05:00
DJ Lucas
c79ee2ff79 make-ca: Handle getopt style short options in get_args(). 2021-08-07 00:40:39 -05:00
DJ Lucas
8baf93dc22 make-ca: Use p11label value and .p11-kit extension for anchor naming. 2021-08-05 22:31:13 -05:00
DJ Lucas
0faf62233b copy-trust-modifications: Use X509v3 Key Usage section to determine local trust for anchors added using trust utility. 2021-08-05 22:27:20 -05:00
DJ Lucas
62864a82a5 LICENSE,CHANGELOG: Fix grammar and typos. 2021-08-05 20:48:55 -05:00
DJ Lucas
26dabca6f0 CHANGELOG,README: update version requirements for p11-kit to 0.23.19. 2021-08-05 20:40:36 -05:00
DJ Lucas
d7c3b6f28b make-ca: Correct incorrectly named get_p11_val(). 2021-08-05 19:39:08 -05:00
DJ Lucas
2284b419ed make-ca: Fix output of NSSDB and Java PKCS#12 stores. 2021-08-05 01:13:05 -05:00
DJ Lucas
d857f7c530 make-ca: Use --filter=certificates for all stores. 2021-08-05 00:33:04 -05:00
DJ Lucas
6ee8e5316e make-ca: Add nss-{server,email}-distrust-after values in anchors. 2021-08-05 00:04:05 -05:00
DJ Lucas
e38a575d03 CHANGELOG: add entry for previous commit. 2021-08-04 22:20:37 -05:00
DJ Lucas
658a60fdb1 CHANGELOG: add missing changelog entries. 2021-08-04 20:41:19 -05:00
Douglas R. Reno
a344a88b3b
CHANGELOG: Fix a few typos 2020-11-12 20:34:58 -06:00
DJ Lucas
41c9ddb0b7 make-ca, CHANGELOG: post release version bump 2020-03-07 23:06:40 -06:00
DJ Lucas
88d6dc7f8c help2man: revert update (requires full perl environment) 2020-03-07 22:55:16 -06:00
DJ Lucas
fa868f361b make-ca,CHANGELOG: post release version bump 2020-03-07 22:46:04 -06:00
DJ Lucas
30f31a14f7 CHANGELOG: Add note about new help2man 2020-03-07 22:41:51 -06:00
DJ Lucas
f7a455a6b8 CHANGELOG: Typo 2020-03-07 22:40:11 -06:00
DJ Lucas
892378ecbe make-ca, include.h2m: Add detailed dependency info and add note about configuration file 2020-03-07 22:37:27 -06:00
DJ Lucas
11fa4267cd Update changelog. 2020-02-05 20:43:34 -06:00
DJ Lucas
55a5f39c5a CHANGELOG: Add entry for previous change. 2019-09-10 22:15:30 -05:00
DJ Lucas
c7728786b8 Revert change to use /usr/bin/update-ca-certificates for systemd service 2019-04-13 00:06:14 -05:00
DJ Lucas
5f9c836053 Redirect errors in copy-trust-modifications script
Use update-ca-certificates for systemd service
2019-04-12 23:11:01 -05:00
DJ Lucas
4b171eb701 Fix syntax error in check_arg() function 2019-04-12 22:32:02 -05:00
DJ Lucas
31e66e0c74 Remove unused variables saarg, csarg, and smarg in get_trust_values() function
Remove unused CERTLIST variable in copy-trust-modifications
Correct STDERR redirection in multiple functions
2019-04-12 22:20:20 -05:00
DJ Lucas
ddad9bbee0 Added write_nss_db() and write_java_p12() functions 2019-01-05 19:16:07 -06:00
DJ Lucas
30fc33d7fe Changed default name of anchors list to use md5sums extension
Added copy-trust-modifications script for use by p11-kit
2019-01-01 20:00:04 -06:00
DJ Lucas
7e305de608 Fix certificate label in local certificates 2019-01-01 19:35:19 -06:00
DJ Lucas
6832ac11b8 Added get_trust_values(), get_p11_trust(), and write_anchor() functions to eliminate duplicate code 2019-01-01 14:35:23 -06:00
DJ Lucas
5316943b46 Use md5sum values for anchors.txt to detect p11-kit changes
Added get_p11_label function to get reliable label values
2019-01-01 14:08:35 -06:00
DJ Lucas
33cdab2a45 Add anchorlist for use by p11-kit to utilize LOCALDIR 2018-12-28 00:41:01 -06:00
DJ Lucas
a3a5711466 Allow definition of configuration file and install default configuration file. 2018-12-01 17:21:37 -06:00
DJ Lucas
b8603c3856 Perform system installation of update service files
Separate installation step for other consumers
- Partial merge of PR from Graham Weldon
2018-12-01 17:07:13 -06:00
DJ Lucas
aa43bb31eb Add missing java change to CHANGELOG 2018-12-01 16:07:58 -06:00
DJ Lucas
5a06937b96 Fix typo 2018-12-01 16:05:08 -06:00
DJ Lucas
ca103899f6 Move bundle defaults to /etc/pki/tls/certs/
Fix invalid test cases on command line processing
Remove -c/--cadir flags, replace with -b/--bindledir to store all bundles in same location
2018-12-01 16:03:19 -06:00
DJ Lucas
98c0193bb5 Add back Java P12 certs (disabled by default)
Disable NSSDB by default
2018-09-04 22:19:40 -05:00
DJ Lucas
1aa966774d Fix changelog, compatibility symlink never went in, and will not 2018-09-03 01:02:16 -05:00