зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1420060, NSS_3_35_BETA1, r=franziskus
UPGRADE_NSS_RELEASE
This commit is contained in:
Родитель
d37fa86e02
Коммит
d0abca54ea
|
@ -1 +1 @@
|
|||
04fc9a90997b
|
||||
NSS_3_35_BETA1
|
||||
|
|
|
@ -17,8 +17,8 @@ apt_packages+=('locales')
|
|||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
||||
# Download clang.
|
||||
curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
|
||||
curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
|
||||
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
|
||||
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
|
||||
# Verify the signature.
|
||||
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
|
||||
gpg --verify clang.tar.xz.sig
|
||||
|
|
|
@ -25,8 +25,8 @@ apt-get -y update
|
|||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
||||
# Download clang.
|
||||
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
# Verify the signature.
|
||||
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
|
||||
gpg --verify *.tar.xz.sig
|
||||
|
|
|
@ -10,8 +10,8 @@ update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200
|
|||
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200
|
||||
|
||||
# Get clang-format-3.9
|
||||
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
# Verify the signature.
|
||||
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
|
||||
gpg --verify *.tar.xz.sig
|
||||
|
|
|
@ -48,8 +48,8 @@ apt-get -y update
|
|||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
||||
# Download clang.
|
||||
curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
|
||||
curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
|
||||
# Verify the signature.
|
||||
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
|
||||
gpg --verify *.tar.xz.sig
|
||||
|
|
|
@ -82,8 +82,8 @@ queue.filter(task => {
|
|||
}
|
||||
|
||||
if (task.group == "Test") {
|
||||
// Don't run test builds on old make platforms
|
||||
if (task.collection == "make") {
|
||||
// Don't run test builds on old make platforms, and not for fips gyp.
|
||||
if (task.collection == "make" || task.collection == "fips") {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -196,6 +196,12 @@ export default async function main() {
|
|||
features: ["allowPtrace"],
|
||||
}, "--ubsan --asan");
|
||||
|
||||
await scheduleLinux("Linux 64 (FIPS opt)", {
|
||||
platform: "linux64",
|
||||
collection: "fips",
|
||||
image: LINUX_IMAGE,
|
||||
}, "--enable-fips --opt");
|
||||
|
||||
await scheduleWindows("Windows 2012 64 (debug, make)", {
|
||||
platform: "windows2012-64",
|
||||
collection: "make",
|
||||
|
@ -368,7 +374,6 @@ async function scheduleLinux(name, base, args = "") {
|
|||
parent: extra_build,
|
||||
symbol: "Certs-F",
|
||||
group: "FIPS",
|
||||
env: { NSS_TEST_ENABLE_FIPS: "1" }
|
||||
}));
|
||||
|
||||
// Schedule FIPS tests.
|
||||
|
@ -811,7 +816,6 @@ async function scheduleWindows(name, base, build_script) {
|
|||
parent: extra_build,
|
||||
symbol: "Certs-F",
|
||||
group: "FIPS",
|
||||
env: { NSS_TEST_ENABLE_FIPS: "1" }
|
||||
}));
|
||||
|
||||
// Schedule FIPS tests.
|
||||
|
|
|
@ -22,7 +22,7 @@ function parseOptions(opts) {
|
|||
}
|
||||
|
||||
// Parse platforms.
|
||||
let allPlatforms = ["linux", "linux64", "linux64-asan",
|
||||
let allPlatforms = ["linux", "linux64", "linux64-asan", "linux64-fips",
|
||||
"win", "win64", "win-make", "win64-make",
|
||||
"linux64-make", "linux-make", "linux-fuzz",
|
||||
"linux64-fuzz", "aarch64", "mac"];
|
||||
|
@ -111,6 +111,7 @@ function filter(opts) {
|
|||
"linux": "linux32",
|
||||
"linux-fuzz": "linux32",
|
||||
"linux64-asan": "linux64",
|
||||
"linux64-fips": "linux64",
|
||||
"linux64-fuzz": "linux64",
|
||||
"linux64-make": "linux64",
|
||||
"linux-make": "linux32",
|
||||
|
@ -126,6 +127,8 @@ function filter(opts) {
|
|||
// Additional checks.
|
||||
if (platform == "linux64-asan") {
|
||||
keep &= coll("asan");
|
||||
} else if (platform == "linux64-fips") {
|
||||
keep &= coll("fips");
|
||||
} else if (platform == "linux64-make" || platform == "linux-make" ||
|
||||
platform == "win64-make" || platform == "win-make") {
|
||||
keep &= coll("make");
|
||||
|
|
|
@ -1053,6 +1053,18 @@ ListModules(void)
|
|||
return SECSuccess;
|
||||
}
|
||||
|
||||
static void
|
||||
PrintBuildFlags()
|
||||
{
|
||||
#ifdef NSS_FIPS_DISABLED
|
||||
PR_fprintf(PR_STDOUT, "NSS_FIPS_DISABLED\n");
|
||||
#endif
|
||||
#ifdef NSS_NO_INIT_SUPPORT
|
||||
PR_fprintf(PR_STDOUT, "NSS_NO_INIT_SUPPORT\n");
|
||||
#endif
|
||||
exit(0);
|
||||
}
|
||||
|
||||
static void
|
||||
PrintSyntax(char *progName)
|
||||
{
|
||||
|
@ -1100,6 +1112,7 @@ PrintSyntax(char *progName)
|
|||
FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n",
|
||||
progName);
|
||||
FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n");
|
||||
FPS "\t%s --build-flags\n", progName);
|
||||
FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
|
||||
progName);
|
||||
FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
|
||||
|
@ -1812,6 +1825,18 @@ luS(enum usage_level ul, const char *command)
|
|||
FPS "\n");
|
||||
}
|
||||
|
||||
static void
|
||||
luBuildFlags(enum usage_level ul, const char *command)
|
||||
{
|
||||
int is_my_command = (command && 0 == strcmp(command, "build-flags"));
|
||||
if (ul == usage_all || !command || is_my_command)
|
||||
FPS "%-15s Print enabled build flags relevant for NSS test execution\n",
|
||||
"--build-flags");
|
||||
if (ul == usage_selected && !is_my_command)
|
||||
return;
|
||||
FPS "\n");
|
||||
}
|
||||
|
||||
static void
|
||||
LongUsage(char *progName, enum usage_level ul, const char *command)
|
||||
{
|
||||
|
@ -1826,6 +1851,7 @@ LongUsage(char *progName, enum usage_level ul, const char *command)
|
|||
luU(ul, command);
|
||||
luK(ul, command);
|
||||
luL(ul, command);
|
||||
luBuildFlags(ul, command);
|
||||
luM(ul, command);
|
||||
luN(ul, command);
|
||||
luT(ul, command);
|
||||
|
@ -2401,6 +2427,7 @@ enum {
|
|||
cmd_Merge,
|
||||
cmd_UpgradeMerge, /* test only */
|
||||
cmd_Rename,
|
||||
cmd_BuildFlags,
|
||||
max_cmd
|
||||
};
|
||||
|
||||
|
@ -2503,7 +2530,9 @@ static const secuCommandFlag commands_init[] =
|
|||
{ /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE,
|
||||
"upgrade-merge" },
|
||||
{ /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE,
|
||||
"rename" }
|
||||
"rename" },
|
||||
{ /* cmd_BuildFlags */ 0, PR_FALSE, 0, PR_FALSE,
|
||||
"build-flags" }
|
||||
};
|
||||
#define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0]))
|
||||
|
||||
|
@ -2690,6 +2719,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
if (certutil.commands[cmd_BuildFlags].activated) {
|
||||
PrintBuildFlags();
|
||||
}
|
||||
|
||||
if (certutil.options[opt_PasswordFile].arg) {
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = certutil.options[opt_PasswordFile].arg;
|
||||
|
@ -3138,7 +3171,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
|||
certutil.commands[cmd_CreateAndAddCert].activated ||
|
||||
certutil.commands[cmd_AddCert].activated ||
|
||||
certutil.commands[cmd_AddEmailCert].activated) {
|
||||
if (PK11_NeedUserInit(slot)) {
|
||||
if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
|
||||
char *password = NULL;
|
||||
/* fetch the password from the command line or the file
|
||||
* if no password is supplied, initialize the password to NULL */
|
||||
|
|
|
@ -128,6 +128,7 @@
|
|||
[ 'disable_fips==1', {
|
||||
'defines': [
|
||||
'NSS_FIPS_DISABLED',
|
||||
'NSS_NO_INIT_SUPPORT',
|
||||
],
|
||||
}],
|
||||
[ 'OS!="android" and OS!="mac" and OS!="win"', {
|
||||
|
@ -299,7 +300,6 @@
|
|||
'Common': {
|
||||
'abstract': 1,
|
||||
'defines': [
|
||||
'NSS_NO_INIT_SUPPORT',
|
||||
'USE_UTIL_DIRECTLY',
|
||||
'NO_NSPR_10_SUPPORT',
|
||||
'SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES',
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -53,5 +53,9 @@ TEST_F(RSANewKeyTest, WrongKeysizeTest) {
|
|||
|
||||
TEST_F(RSANewKeyTest, expThreeTest) {
|
||||
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
|
||||
#ifdef NSS_FIPS_DISABLED
|
||||
ASSERT_TRUE(key != nullptr);
|
||||
#else
|
||||
ASSERT_TRUE(key == nullptr);
|
||||
#endif
|
||||
}
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
#include <cstdlib>
|
||||
#if defined(_WIN32)
|
||||
#include <windows.h>
|
||||
#include <codecvt>
|
||||
#endif
|
||||
|
||||
#include "cert.h"
|
||||
#include "certdb.h"
|
||||
|
@ -34,6 +38,7 @@ class ScopedUniqueDirectory {
|
|||
~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); }
|
||||
|
||||
const std::string &GetPath() { return mPath; }
|
||||
const std::string &GetUTF8Path() { return mUTF8Path; }
|
||||
|
||||
private:
|
||||
static const int RETRY_LIMIT = 5;
|
||||
|
@ -41,6 +46,7 @@ class ScopedUniqueDirectory {
|
|||
static bool TryMakingDirectory(/*in/out*/ std::string &prefix);
|
||||
|
||||
std::string mPath;
|
||||
std::string mUTF8Path;
|
||||
};
|
||||
|
||||
ScopedUniqueDirectory::ScopedUniqueDirectory(const std::string &prefix) {
|
||||
|
@ -60,6 +66,18 @@ ScopedUniqueDirectory::ScopedUniqueDirectory(const std::string &prefix) {
|
|||
}
|
||||
}
|
||||
assert(mPath.length() > 0);
|
||||
#if defined(_WIN32)
|
||||
// sqldb always uses UTF-8 regardless of the current system locale.
|
||||
DWORD len =
|
||||
MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0);
|
||||
std::vector<wchar_t> buf(len, L'\0');
|
||||
MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(),
|
||||
buf.size());
|
||||
std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
|
||||
mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end()));
|
||||
#else
|
||||
mUTF8Path = mPath;
|
||||
#endif
|
||||
}
|
||||
|
||||
void ScopedUniqueDirectory::GenerateRandomName(std::string &prefix) {
|
||||
|
@ -84,10 +102,11 @@ bool ScopedUniqueDirectory::TryMakingDirectory(std::string &prefix) {
|
|||
class SoftokenTest : public ::testing::Test {
|
||||
protected:
|
||||
SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {}
|
||||
SoftokenTest(const std::string &prefix) : mNSSDBDir(prefix) {}
|
||||
|
||||
virtual void SetUp() {
|
||||
std::string nssInitArg("sql:");
|
||||
nssInitArg.append(mNSSDBDir.GetPath());
|
||||
nssInitArg.append(mNSSDBDir.GetUTF8Path());
|
||||
ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB,
|
||||
NSS_INIT_NOROOTINIT));
|
||||
}
|
||||
|
@ -202,6 +221,19 @@ TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
|
|||
EXPECT_NE(nullptr, obj);
|
||||
}
|
||||
|
||||
class SoftokenNonAsciiTest : public SoftokenTest {
|
||||
protected:
|
||||
SoftokenNonAsciiTest() : SoftokenTest("SoftokenTest.\xF7-") {}
|
||||
};
|
||||
|
||||
TEST_F(SoftokenNonAsciiTest, NonAsciiPathWorking) {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
ASSERT_TRUE(slot);
|
||||
EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
|
||||
EXPECT_EQ(SECSuccess, PK11_ResetToken(slot.get(), nullptr));
|
||||
EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
|
||||
}
|
||||
|
||||
// This is just any X509 certificate. Its contents don't matter.
|
||||
static unsigned char certDER[] = {
|
||||
0x30, 0x82, 0x01, 0xEF, 0x30, 0x82, 0x01, 0x94, 0xA0, 0x03, 0x02, 0x01,
|
||||
|
|
|
@ -31,7 +31,7 @@ const static uint8_t kCannedTls13ClientHello[] = {
|
|||
0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
|
||||
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
|
||||
0x0a, 0x00, 0x12, 0x00, 0x10, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
|
||||
0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x28, 0x00,
|
||||
0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x33, 0x00,
|
||||
0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x86, 0x4a, 0xb9, 0xdc,
|
||||
0x6a, 0x38, 0xa7, 0xce, 0xe7, 0xc2, 0x4f, 0xa6, 0x28, 0xb9, 0xdc, 0x65,
|
||||
0xbf, 0x73, 0x47, 0x3c, 0x9c, 0x65, 0x8c, 0x47, 0x6d, 0x57, 0x22, 0x8a,
|
||||
|
@ -47,7 +47,7 @@ const static uint8_t kCannedTls13ServerHello[] = {
|
|||
0x03, 0x03, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3,
|
||||
0xf0, 0x5c, 0x70, 0x7a, 0xe0, 0xd1, 0x9b, 0x3e, 0x5a, 0x44, 0x6b,
|
||||
0xdf, 0xe5, 0xc2, 0x28, 0x64, 0xf7, 0x00, 0xc1, 0x9c, 0x08, 0x76,
|
||||
0x08, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x24,
|
||||
0x08, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24,
|
||||
0x00, 0x1d, 0x00, 0x20, 0xc2, 0xcf, 0x23, 0x17, 0x64, 0x23, 0x03,
|
||||
0xf0, 0xfb, 0x45, 0x98, 0x26, 0xd1, 0x65, 0x24, 0xa1, 0x6c, 0xa9,
|
||||
0x80, 0x8f, 0x2c, 0xac, 0x0a, 0xea, 0x53, 0x3a, 0xcb, 0xe3, 0x08,
|
||||
|
|
|
@ -50,6 +50,7 @@ static const uint16_t kManyExtensions[] = {
|
|||
ssl_supported_groups_xtn,
|
||||
ssl_ec_point_formats_xtn,
|
||||
ssl_signature_algorithms_xtn,
|
||||
ssl_signature_algorithms_cert_xtn,
|
||||
ssl_use_srtp_xtn,
|
||||
ssl_app_layer_protocol_xtn,
|
||||
ssl_signed_cert_timestamp_xtn,
|
||||
|
|
|
@ -3656,7 +3656,7 @@ END
|
|||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\000
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
@ -3815,7 +3815,7 @@ END
|
|||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\000
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
@ -5109,149 +5109,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "DST ACES CA X6"
|
||||
#
|
||||
# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
|
||||
# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
|
||||
# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
|
||||
# Not Valid Before: Thu Nov 20 21:19:58 2003
|
||||
# Not Valid After : Mon Nov 20 21:19:58 2017
|
||||
# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
|
||||
# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "DST ACES CA X6"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
|
||||
\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
|
||||
\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
|
||||
\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
|
||||
\123\124\040\101\103\105\123\040\103\101\040\130\066
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
|
||||
\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
|
||||
\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
|
||||
\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
|
||||
\123\124\040\101\103\105\123\040\103\101\040\130\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
|
||||
\025\331
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\004\011\060\202\002\361\240\003\002\001\002\002\020\015
|
||||
\136\231\012\326\235\267\170\354\330\007\126\073\206\025\331\060
|
||||
\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\133
|
||||
\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060
|
||||
\036\006\003\125\004\012\023\027\104\151\147\151\164\141\154\040
|
||||
\123\151\147\156\141\164\165\162\145\040\124\162\165\163\164\061
|
||||
\021\060\017\006\003\125\004\013\023\010\104\123\124\040\101\103
|
||||
\105\123\061\027\060\025\006\003\125\004\003\023\016\104\123\124
|
||||
\040\101\103\105\123\040\103\101\040\130\066\060\036\027\015\060
|
||||
\063\061\061\062\060\062\061\061\071\065\070\132\027\015\061\067
|
||||
\061\061\062\060\062\061\061\071\065\070\132\060\133\061\013\060
|
||||
\011\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003
|
||||
\125\004\012\023\027\104\151\147\151\164\141\154\040\123\151\147
|
||||
\156\141\164\165\162\145\040\124\162\165\163\164\061\021\060\017
|
||||
\006\003\125\004\013\023\010\104\123\124\040\101\103\105\123\061
|
||||
\027\060\025\006\003\125\004\003\023\016\104\123\124\040\101\103
|
||||
\105\123\040\103\101\040\130\066\060\202\001\042\060\015\006\011
|
||||
\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
|
||||
\060\202\001\012\002\202\001\001\000\271\075\365\054\311\224\334
|
||||
\165\212\225\135\143\350\204\167\166\146\271\131\221\134\106\335
|
||||
\222\076\237\371\016\003\264\075\141\222\275\043\046\265\143\356
|
||||
\222\322\236\326\074\310\015\220\137\144\201\261\250\010\015\114
|
||||
\330\371\323\005\050\122\264\001\045\305\225\034\014\176\076\020
|
||||
\204\165\317\301\031\221\143\317\350\250\221\210\271\103\122\273
|
||||
\200\261\125\211\213\061\372\320\267\166\276\101\075\060\232\244
|
||||
\042\045\027\163\350\036\342\323\254\052\275\133\070\041\325\052
|
||||
\113\327\125\175\343\072\125\275\327\155\153\002\127\153\346\107
|
||||
\174\010\310\202\272\336\247\207\075\241\155\270\060\126\302\263
|
||||
\002\201\137\055\365\342\232\060\030\050\270\146\323\313\001\226
|
||||
\157\352\212\105\125\326\340\235\377\147\053\027\002\246\116\032
|
||||
\152\021\013\176\267\173\347\230\326\214\166\157\301\073\333\120
|
||||
\223\176\345\320\216\037\067\270\275\272\306\237\154\351\174\063
|
||||
\362\062\074\046\107\372\047\044\002\311\176\035\133\210\102\023
|
||||
\152\065\174\175\065\351\056\146\221\162\223\325\062\046\304\164
|
||||
\365\123\243\263\135\232\366\011\313\002\003\001\000\001\243\201
|
||||
\310\060\201\305\060\017\006\003\125\035\023\001\001\377\004\005
|
||||
\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
|
||||
\004\003\002\001\306\060\037\006\003\125\035\021\004\030\060\026
|
||||
\201\024\160\153\151\055\157\160\163\100\164\162\165\163\164\144
|
||||
\163\164\056\143\157\155\060\142\006\003\125\035\040\004\133\060
|
||||
\131\060\127\006\012\140\206\110\001\145\003\002\001\001\001\060
|
||||
\111\060\107\006\010\053\006\001\005\005\007\002\001\026\073\150
|
||||
\164\164\160\072\057\057\167\167\167\056\164\162\165\163\164\144
|
||||
\163\164\056\143\157\155\057\143\145\162\164\151\146\151\143\141
|
||||
\164\145\163\057\160\157\154\151\143\171\057\101\103\105\123\055
|
||||
\151\156\144\145\170\056\150\164\155\154\060\035\006\003\125\035
|
||||
\016\004\026\004\024\011\162\006\116\030\103\017\345\326\314\303
|
||||
\152\213\061\173\170\217\250\203\270\060\015\006\011\052\206\110
|
||||
\206\367\015\001\001\005\005\000\003\202\001\001\000\243\330\216
|
||||
\326\262\333\316\005\347\062\315\001\323\004\003\345\166\344\126
|
||||
\053\234\231\220\350\010\060\154\337\175\075\356\345\277\265\044
|
||||
\100\204\111\341\321\050\256\304\302\072\123\060\210\361\365\167
|
||||
\156\121\312\372\377\231\257\044\137\033\240\375\362\254\204\312
|
||||
\337\251\360\137\004\056\255\026\277\041\227\020\201\075\343\377
|
||||
\207\215\062\334\224\345\107\212\136\152\023\311\224\225\075\322
|
||||
\356\310\064\225\320\200\324\255\062\010\200\124\074\340\275\122
|
||||
\123\327\122\174\262\151\077\177\172\317\152\164\312\372\004\052
|
||||
\234\114\132\006\245\351\040\255\105\146\017\151\361\335\277\351
|
||||
\343\062\213\372\340\301\206\115\162\074\056\330\223\170\012\052
|
||||
\370\330\322\047\075\031\211\137\132\173\212\073\314\014\332\121
|
||||
\256\307\013\367\053\260\067\005\354\274\127\043\342\070\322\233
|
||||
\150\363\126\022\210\117\102\174\270\061\304\265\333\344\310\041
|
||||
\064\351\110\021\065\356\372\307\222\127\305\237\064\344\307\366
|
||||
\367\016\013\114\234\150\170\173\161\061\307\353\036\340\147\101
|
||||
\363\267\240\247\315\345\172\063\066\152\372\232\053
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for Certificate "DST ACES CA X6"
|
||||
# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
|
||||
# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
|
||||
# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
|
||||
# Not Valid Before: Thu Nov 20 21:19:58 2003
|
||||
# Not Valid After : Mon Nov 20 21:19:58 2017
|
||||
# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
|
||||
# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "DST ACES CA X6"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\100\124\332\157\034\077\100\164\254\355\017\354\315\333\171\321
|
||||
\123\373\220\035
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\041\330\114\202\053\231\011\063\242\353\024\044\215\216\137\350
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
|
||||
\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
|
||||
\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
|
||||
\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
|
||||
\123\124\040\101\103\105\123\040\103\101\040\130\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
|
||||
\025\331
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "SwissSign Platinum CA - G2"
|
||||
#
|
||||
|
@ -6916,142 +6773,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Security Communication EV RootCA1"
|
||||
#
|
||||
# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
|
||||
# Serial Number: 0 (0x0)
|
||||
# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
|
||||
# Not Valid Before: Wed Jun 06 02:12:32 2007
|
||||
# Not Valid After : Sat Jun 06 02:12:32 2037
|
||||
# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
|
||||
# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Security Communication EV RootCA1"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
|
||||
\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
|
||||
\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
|
||||
\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
|
||||
\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
|
||||
\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
|
||||
\101\061
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
|
||||
\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
|
||||
\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
|
||||
\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
|
||||
\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
|
||||
\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
|
||||
\101\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\000
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\175\060\202\002\145\240\003\002\001\002\002\001\000
|
||||
\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
|
||||
\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045
|
||||
\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124
|
||||
\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056
|
||||
\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023\041
|
||||
\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151
|
||||
\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103\101
|
||||
\061\060\036\027\015\060\067\060\066\060\066\060\062\061\062\063
|
||||
\062\132\027\015\063\067\060\066\060\066\060\062\061\062\063\062
|
||||
\132\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120
|
||||
\061\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115
|
||||
\040\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103
|
||||
\117\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013
|
||||
\023\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165
|
||||
\156\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164
|
||||
\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367
|
||||
\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
|
||||
\202\001\001\000\274\177\354\127\233\044\340\376\234\272\102\171
|
||||
\251\210\212\372\200\340\365\007\051\103\352\216\012\064\066\215
|
||||
\034\372\247\265\071\170\377\227\165\367\057\344\252\153\004\204
|
||||
\104\312\246\342\150\216\375\125\120\142\017\244\161\016\316\007
|
||||
\070\055\102\205\120\255\074\226\157\213\325\242\016\317\336\111
|
||||
\211\075\326\144\056\070\345\036\154\265\127\212\236\357\110\016
|
||||
\315\172\151\026\207\104\265\220\344\006\235\256\241\004\227\130
|
||||
\171\357\040\112\202\153\214\042\277\354\037\017\351\204\161\355
|
||||
\361\016\344\270\030\023\314\126\066\135\321\232\036\121\153\071
|
||||
\156\140\166\210\064\013\363\263\321\260\235\312\141\342\144\035
|
||||
\301\106\007\270\143\335\036\063\145\263\216\011\125\122\075\265
|
||||
\275\377\007\353\255\141\125\030\054\251\151\230\112\252\100\305
|
||||
\063\024\145\164\000\371\221\336\257\003\110\305\100\124\334\017
|
||||
\204\220\150\040\305\222\226\334\056\345\002\105\252\300\137\124
|
||||
\370\155\352\111\317\135\154\113\257\357\232\302\126\134\306\065
|
||||
\126\102\152\060\137\302\253\366\342\075\077\263\311\021\217\061
|
||||
\114\327\237\111\002\003\001\000\001\243\102\060\100\060\035\006
|
||||
\003\125\035\016\004\026\004\024\065\112\365\115\257\077\327\202
|
||||
\070\254\253\161\145\027\165\214\235\125\223\346\060\016\006\003
|
||||
\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
|
||||
\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
|
||||
\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
|
||||
\000\250\207\351\354\370\100\147\135\303\301\146\307\100\113\227
|
||||
\374\207\023\220\132\304\357\240\312\137\213\267\247\267\361\326
|
||||
\265\144\267\212\263\270\033\314\332\373\254\146\210\101\316\350
|
||||
\374\344\333\036\210\246\355\047\120\033\002\060\044\106\171\376
|
||||
\004\207\160\227\100\163\321\300\301\127\031\232\151\245\047\231
|
||||
\253\235\142\204\366\121\301\054\311\043\025\330\050\267\253\045
|
||||
\023\265\106\341\206\002\377\046\214\304\210\222\035\126\376\031
|
||||
\147\362\125\344\200\243\153\234\253\167\341\121\161\015\040\333
|
||||
\020\232\333\275\166\171\007\167\231\050\255\232\136\332\261\117
|
||||
\104\054\065\216\245\226\307\375\203\360\130\306\171\326\230\174
|
||||
\250\215\376\206\076\007\026\222\341\173\347\035\354\063\166\176
|
||||
\102\056\112\205\371\221\211\150\204\003\201\245\233\232\276\343
|
||||
\067\305\124\253\126\073\030\055\101\244\014\370\102\333\231\240
|
||||
\340\162\157\273\135\341\026\117\123\012\144\371\116\364\277\116
|
||||
\124\275\170\154\210\352\277\234\023\044\302\160\151\242\177\017
|
||||
\310\074\255\010\311\260\230\100\243\052\347\210\203\355\167\217
|
||||
\164
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for Certificate "Security Communication EV RootCA1"
|
||||
# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
|
||||
# Serial Number: 0 (0x0)
|
||||
# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
|
||||
# Not Valid Before: Wed Jun 06 02:12:32 2007
|
||||
# Not Valid After : Sat Jun 06 02:12:32 2037
|
||||
# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
|
||||
# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Security Communication EV RootCA1"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\376\270\304\062\334\371\166\232\316\256\075\330\220\217\375\050
|
||||
\206\145\144\175
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\042\055\246\001\352\174\012\367\360\154\126\103\077\167\166\323
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
|
||||
\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
|
||||
\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
|
||||
\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
|
||||
\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
|
||||
\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
|
||||
\101\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\000
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "OISTE WISeKey Global Root GA CA"
|
||||
#
|
||||
|
@ -14478,169 +14199,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "CA Disig Root R1"
|
||||
#
|
||||
# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
|
||||
# Serial Number:00:c3:03:9a:ee:50:90:6e:28
|
||||
# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
|
||||
# Not Valid Before: Thu Jul 19 09:06:56 2012
|
||||
# Not Valid After : Sat Jul 19 09:06:56 2042
|
||||
# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
|
||||
# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "CA Disig Root R1"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
|
||||
\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
|
||||
\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
|
||||
\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
|
||||
\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
|
||||
\164\040\122\061
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
|
||||
\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
|
||||
\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
|
||||
\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
|
||||
\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
|
||||
\164\040\122\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\011\000\303\003\232\356\120\220\156\050
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\151\060\202\003\121\240\003\002\001\002\002\011\000
|
||||
\303\003\232\356\120\220\156\050\060\015\006\011\052\206\110\206
|
||||
\367\015\001\001\005\005\000\060\122\061\013\060\011\006\003\125
|
||||
\004\006\023\002\123\113\061\023\060\021\006\003\125\004\007\023
|
||||
\012\102\162\141\164\151\163\154\141\166\141\061\023\060\021\006
|
||||
\003\125\004\012\023\012\104\151\163\151\147\040\141\056\163\056
|
||||
\061\031\060\027\006\003\125\004\003\023\020\103\101\040\104\151
|
||||
\163\151\147\040\122\157\157\164\040\122\061\060\036\027\015\061
|
||||
\062\060\067\061\071\060\071\060\066\065\066\132\027\015\064\062
|
||||
\060\067\061\071\060\071\060\066\065\066\132\060\122\061\013\060
|
||||
\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003
|
||||
\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061
|
||||
\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040
|
||||
\141\056\163\056\061\031\060\027\006\003\125\004\003\023\020\103
|
||||
\101\040\104\151\163\151\147\040\122\157\157\164\040\122\061\060
|
||||
\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
|
||||
\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
|
||||
\252\303\170\367\334\230\243\247\132\136\167\030\262\335\004\144
|
||||
\017\143\375\233\226\011\200\325\350\252\245\342\234\046\224\072
|
||||
\350\231\163\214\235\337\327\337\203\363\170\117\100\341\177\322
|
||||
\247\322\345\312\023\223\347\355\306\167\137\066\265\224\257\350
|
||||
\070\216\333\233\345\174\273\314\215\353\165\163\341\044\315\346
|
||||
\247\055\031\056\330\326\212\153\024\353\010\142\012\330\334\263
|
||||
\000\115\303\043\174\137\103\010\043\062\022\334\355\014\255\300
|
||||
\175\017\245\172\102\331\132\160\331\277\247\327\001\034\366\233
|
||||
\253\216\267\112\206\170\240\036\126\061\256\357\202\012\200\101
|
||||
\367\033\311\256\253\062\046\324\054\153\355\175\153\344\342\136
|
||||
\042\012\105\313\204\061\115\254\376\333\321\107\272\371\140\227
|
||||
\071\261\145\307\336\373\231\344\012\042\261\055\115\345\110\046
|
||||
\151\253\342\252\363\373\374\222\051\062\351\263\076\115\037\047
|
||||
\241\315\216\271\027\373\045\076\311\156\363\167\332\015\022\366
|
||||
\135\307\273\066\020\325\124\326\363\340\342\107\110\346\336\024
|
||||
\332\141\122\257\046\264\365\161\117\311\327\322\006\337\143\312
|
||||
\377\041\350\131\006\340\010\325\204\025\123\367\103\345\174\305
|
||||
\240\211\230\153\163\306\150\316\145\336\275\177\005\367\261\356
|
||||
\366\127\241\140\225\305\314\352\223\072\276\231\256\233\002\243
|
||||
\255\311\026\265\316\335\136\231\170\176\032\071\176\262\300\005
|
||||
\244\300\202\245\243\107\236\214\352\134\266\274\147\333\346\052
|
||||
\115\322\004\334\243\256\105\367\274\213\234\034\247\326\325\003
|
||||
\334\010\313\056\026\312\134\100\063\350\147\303\056\347\246\104
|
||||
\352\021\105\034\065\145\055\036\105\141\044\033\202\056\245\235
|
||||
\063\135\145\370\101\371\056\313\224\077\037\243\014\061\044\104
|
||||
\355\307\136\255\120\272\306\101\233\254\360\027\145\300\370\135
|
||||
\157\133\240\012\064\074\356\327\352\210\237\230\371\257\116\044
|
||||
\372\227\262\144\166\332\253\364\355\343\303\140\357\325\371\002
|
||||
\310\055\237\203\257\147\151\006\247\061\125\325\317\113\157\377
|
||||
\004\005\307\130\254\137\026\033\345\322\243\353\061\333\037\063
|
||||
\025\115\320\362\245\123\365\313\341\075\116\150\055\330\022\335
|
||||
\252\362\346\115\233\111\345\305\050\241\272\260\132\306\240\265
|
||||
\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
|
||||
\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035
|
||||
\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035
|
||||
\016\004\026\004\024\211\012\264\070\223\032\346\253\356\233\221
|
||||
\030\371\365\074\076\065\320\323\202\060\015\006\011\052\206\110
|
||||
\206\367\015\001\001\005\005\000\003\202\002\001\000\062\213\366
|
||||
\235\112\311\276\024\345\214\254\070\312\072\011\324\033\316\206
|
||||
\263\335\353\324\272\050\276\022\256\105\054\004\164\254\023\121
|
||||
\305\130\030\146\115\202\332\325\334\223\300\047\341\276\174\237
|
||||
\122\236\022\126\366\325\234\251\364\165\234\372\067\022\217\034
|
||||
\223\354\127\376\007\017\253\325\022\367\017\256\141\136\126\200
|
||||
\111\365\374\060\365\233\117\037\101\057\034\204\323\211\307\342
|
||||
\332\002\166\355\011\317\154\301\270\034\203\034\026\372\224\315
|
||||
\175\240\310\030\322\310\235\156\365\275\151\324\155\075\065\350
|
||||
\036\242\117\140\327\007\051\374\262\243\244\235\156\025\222\126
|
||||
\031\114\012\260\351\174\322\031\115\102\106\354\275\375\366\127
|
||||
\133\335\230\176\244\115\314\162\003\203\130\135\357\223\072\101
|
||||
\172\143\252\174\072\250\365\254\244\321\335\242\055\266\052\374
|
||||
\237\001\216\342\020\261\304\312\344\147\333\125\045\031\077\375
|
||||
\350\066\176\263\341\341\201\257\021\026\213\120\227\140\031\202
|
||||
\000\300\153\115\163\270\321\023\007\076\352\266\061\117\360\102
|
||||
\232\155\342\021\164\345\224\254\215\204\225\074\041\257\305\332
|
||||
\107\310\337\071\142\142\313\133\120\013\327\201\100\005\234\233
|
||||
\355\272\266\213\036\004\157\226\040\071\355\244\175\051\333\110
|
||||
\316\202\334\324\002\215\035\004\061\132\307\113\360\154\141\122
|
||||
\327\264\121\302\201\154\315\341\373\247\241\322\222\166\317\261
|
||||
\017\067\130\244\362\122\161\147\077\014\210\170\200\211\301\310
|
||||
\265\037\222\143\276\247\172\212\126\054\032\250\246\234\265\135
|
||||
\263\143\320\023\040\241\353\221\154\320\215\175\257\337\013\344
|
||||
\027\271\206\236\070\261\224\014\130\214\340\125\252\073\143\155
|
||||
\232\211\140\270\144\052\222\306\067\364\176\103\103\267\163\350
|
||||
\001\347\177\227\017\327\362\173\031\375\032\327\217\311\372\205
|
||||
\153\172\235\236\211\266\246\050\231\223\210\100\367\076\315\121
|
||||
\243\312\352\357\171\107\041\265\376\062\342\307\303\121\157\276
|
||||
\200\164\360\244\303\072\362\117\351\137\337\031\012\362\073\023
|
||||
\103\254\061\244\263\347\353\374\030\326\001\251\363\052\217\066
|
||||
\016\353\264\261\274\267\114\311\153\277\241\363\331\364\355\342
|
||||
\360\343\355\144\236\075\057\226\122\117\200\123\213
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "CA Disig Root R1"
|
||||
# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
|
||||
# Serial Number:00:c3:03:9a:ee:50:90:6e:28
|
||||
# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
|
||||
# Not Valid Before: Thu Jul 19 09:06:56 2012
|
||||
# Not Valid After : Sat Jul 19 09:06:56 2042
|
||||
# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
|
||||
# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "CA Disig Root R1"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\216\034\164\370\246\040\271\345\212\364\141\372\354\053\107\126
|
||||
\121\032\122\306
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\276\354\021\223\232\365\151\041\274\327\301\300\147\211\314\052
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
|
||||
\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
|
||||
\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
|
||||
\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
|
||||
\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
|
||||
\164\040\122\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\011\000\303\003\232\356\120\220\156\050
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "CA Disig Root R2"
|
||||
#
|
||||
|
@ -17672,188 +17230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
|
||||
#
|
||||
# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
|
||||
# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
|
||||
# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
|
||||
# Not Valid Before: Thu Mar 26 00:00:00 2009
|
||||
# Not Valid After : Sun Mar 24 23:59:59 2019
|
||||
# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
|
||||
# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\201\265\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
|
||||
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
|
||||
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
|
||||
\163\164\040\116\145\164\167\157\162\153\061\073\060\071\006\003
|
||||
\125\004\013\023\062\124\145\162\155\163\040\157\146\040\165\163
|
||||
\145\040\141\164\040\150\164\164\160\163\072\057\057\167\167\167
|
||||
\056\166\145\162\151\163\151\147\156\056\143\157\155\057\162\160
|
||||
\141\040\050\143\051\060\071\061\057\060\055\006\003\125\004\003
|
||||
\023\046\126\145\162\151\123\151\147\156\040\103\154\141\163\163
|
||||
\040\063\040\123\145\143\165\162\145\040\123\145\162\166\145\162
|
||||
\040\103\101\040\055\040\107\062
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
|
||||
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
|
||||
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
|
||||
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
|
||||
\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
|
||||
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
|
||||
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
|
||||
\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
|
||||
\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
|
||||
\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
|
||||
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
|
||||
\165\164\150\157\162\151\164\171\040\055\040\107\065
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
|
||||
\005\256
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\071\060\202\004\041\240\003\002\001\002\002\020\057
|
||||
\000\156\315\027\160\146\347\137\243\202\012\171\037\005\256\060
|
||||
\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
|
||||
\312\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
|
||||
\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
|
||||
\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
|
||||
\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
|
||||
\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
|
||||
\013\023\061\050\143\051\040\062\060\060\066\040\126\145\162\151
|
||||
\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
|
||||
\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
|
||||
\157\156\154\171\061\105\060\103\006\003\125\004\003\023\074\126
|
||||
\145\162\151\123\151\147\156\040\103\154\141\163\163\040\063\040
|
||||
\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040\103
|
||||
\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
|
||||
\150\157\162\151\164\171\040\055\040\107\065\060\036\027\015\060
|
||||
\071\060\063\062\066\060\060\060\060\060\060\132\027\015\061\071
|
||||
\060\063\062\064\062\063\065\071\065\071\132\060\201\265\061\013
|
||||
\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
|
||||
\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
|
||||
\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
|
||||
\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
|
||||
\164\167\157\162\153\061\073\060\071\006\003\125\004\013\023\062
|
||||
\124\145\162\155\163\040\157\146\040\165\163\145\040\141\164\040
|
||||
\150\164\164\160\163\072\057\057\167\167\167\056\166\145\162\151
|
||||
\163\151\147\156\056\143\157\155\057\162\160\141\040\050\143\051
|
||||
\060\071\061\057\060\055\006\003\125\004\003\023\046\126\145\162
|
||||
\151\123\151\147\156\040\103\154\141\163\163\040\063\040\123\145
|
||||
\143\165\162\145\040\123\145\162\166\145\162\040\103\101\040\055
|
||||
\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367
|
||||
\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
|
||||
\202\001\001\000\324\126\217\127\073\067\050\246\100\143\322\225
|
||||
\325\005\164\332\265\031\152\226\326\161\127\057\342\300\064\214
|
||||
\240\225\263\214\341\067\044\363\056\355\103\105\005\216\211\327
|
||||
\372\332\112\265\370\076\215\116\307\371\111\120\105\067\100\237
|
||||
\164\252\240\121\125\141\361\140\204\211\245\236\200\215\057\260
|
||||
\041\252\105\202\304\317\264\024\177\107\025\040\050\202\260\150
|
||||
\022\300\256\134\007\327\366\131\314\313\142\126\134\115\111\377
|
||||
\046\210\253\124\121\072\057\112\332\016\230\342\211\162\271\374
|
||||
\367\150\074\304\037\071\172\313\027\201\363\014\255\017\334\141
|
||||
\142\033\020\013\004\036\051\030\161\136\142\313\103\336\276\061
|
||||
\272\161\002\031\116\046\251\121\332\214\144\151\003\336\234\375
|
||||
\175\375\173\141\274\374\204\174\210\134\264\303\173\355\137\053
|
||||
\106\022\361\375\000\001\232\213\133\351\243\005\056\217\056\133
|
||||
\336\363\033\170\370\146\221\010\300\136\316\325\260\066\312\324
|
||||
\250\173\240\175\371\060\172\277\370\335\031\121\053\040\272\376
|
||||
\247\317\241\116\260\147\365\200\252\053\203\056\322\216\124\211
|
||||
\216\036\051\013\002\003\001\000\001\243\202\001\054\060\202\001
|
||||
\050\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001
|
||||
\001\377\002\001\000\060\016\006\003\125\035\017\001\001\377\004
|
||||
\004\003\002\001\006\060\051\006\003\125\035\021\004\042\060\040
|
||||
\244\036\060\034\061\032\060\030\006\003\125\004\003\023\021\103
|
||||
\154\141\163\163\063\103\101\062\060\064\070\055\061\055\065\062
|
||||
\060\035\006\003\125\035\016\004\026\004\024\245\357\013\021\316
|
||||
\300\101\003\243\112\145\220\110\262\034\340\127\055\175\107\060
|
||||
\146\006\003\125\035\040\004\137\060\135\060\133\006\013\140\206
|
||||
\110\001\206\370\105\001\007\027\003\060\114\060\043\006\010\053
|
||||
\006\001\005\005\007\002\001\026\027\150\164\164\160\163\072\057
|
||||
\057\144\056\163\171\155\143\142\056\143\157\155\057\143\160\163
|
||||
\060\045\006\010\053\006\001\005\005\007\002\002\060\031\032\027
|
||||
\150\164\164\160\163\072\057\057\144\056\163\171\155\143\142\056
|
||||
\143\157\155\057\162\160\141\060\057\006\003\125\035\037\004\050
|
||||
\060\046\060\044\240\042\240\040\206\036\150\164\164\160\072\057
|
||||
\057\163\056\163\171\155\143\142\056\143\157\155\057\160\143\141
|
||||
\063\055\147\065\056\143\162\154\060\037\006\003\125\035\043\004
|
||||
\030\060\026\200\024\177\323\145\247\302\335\354\273\360\060\011
|
||||
\363\103\071\372\002\257\063\061\063\060\015\006\011\052\206\110
|
||||
\206\367\015\001\001\005\005\000\003\202\001\001\000\053\216\024
|
||||
\314\354\206\010\140\067\213\154\145\211\045\041\336\057\122\242
|
||||
\007\236\130\323\263\026\170\001\231\121\225\264\023\167\314\167
|
||||
\335\013\134\201\067\326\276\366\142\326\004\067\013\030\163\232
|
||||
\323\366\301\242\036\155\234\273\214\021\346\076\022\136\007\137
|
||||
\013\203\134\164\002\340\120\364\261\046\033\155\306\350\351\277
|
||||
\115\271\001\025\031\354\120\232\371\021\360\201\130\103\054\115
|
||||
\021\100\263\132\106\010\246\136\163\241\210\022\065\214\377\003
|
||||
\072\275\326\235\372\347\334\226\271\032\144\076\304\375\331\012
|
||||
\266\145\236\272\245\250\130\374\073\042\360\242\127\356\212\127
|
||||
\107\234\167\307\045\341\254\064\005\115\363\202\176\101\043\272
|
||||
\264\127\363\347\306\001\145\327\115\211\231\034\151\115\136\170
|
||||
\366\353\162\161\075\262\304\225\001\237\135\014\267\057\045\246
|
||||
\134\171\101\357\236\304\147\074\241\235\177\161\072\320\225\227
|
||||
\354\170\102\164\230\156\276\076\150\114\127\074\250\223\101\207
|
||||
\013\344\271\257\221\373\120\114\014\272\300\044\047\321\025\333
|
||||
\145\110\041\012\057\327\334\176\240\314\145\176\171
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
|
||||
# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
|
||||
# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
|
||||
# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
|
||||
# Not Valid Before: Thu Mar 26 00:00:00 2009
|
||||
# Not Valid After : Sun Mar 24 23:59:59 2019
|
||||
# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
|
||||
# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\166\104\131\170\033\254\260\107\143\245\320\241\130\221\145\046
|
||||
\037\051\216\073
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\277\022\155\372\174\325\133\046\171\072\215\252\021\357\057\134
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
|
||||
\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
|
||||
\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
|
||||
\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
|
||||
\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
|
||||
\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
|
||||
\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
|
||||
\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
|
||||
\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
|
||||
\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
|
||||
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
|
||||
\165\164\150\157\162\151\164\171\040\055\040\107\065
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
|
||||
\005\256
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Staat der Nederlanden Root CA - G3"
|
||||
#
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
* It's recommend to switch back to 0 after having reached version 98/99.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 20
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.20"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 22
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.22"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
|
|
@ -1984,13 +1984,14 @@ sec_GetHashMechanismByOidTag(SECOidTag tag)
|
|||
return CKM_SHA384;
|
||||
case SEC_OID_SHA256:
|
||||
return CKM_SHA256;
|
||||
case SEC_OID_SHA224:
|
||||
return CKM_SHA224;
|
||||
case SEC_OID_SHA1:
|
||||
return CKM_SHA_1;
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
/* fallthrough */
|
||||
case SEC_OID_SHA1:
|
||||
break;
|
||||
return CKM_INVALID_MECHANISM;
|
||||
}
|
||||
return CKM_SHA_1;
|
||||
}
|
||||
|
||||
static CK_RSA_PKCS_MGF_TYPE
|
||||
|
@ -2003,13 +2004,14 @@ sec_GetMgfTypeByOidTag(SECOidTag tag)
|
|||
return CKG_MGF1_SHA384;
|
||||
case SEC_OID_SHA256:
|
||||
return CKG_MGF1_SHA256;
|
||||
case SEC_OID_SHA224:
|
||||
return CKG_MGF1_SHA224;
|
||||
case SEC_OID_SHA1:
|
||||
return CKG_MGF1_SHA1;
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
/* fallthrough */
|
||||
case SEC_OID_SHA1:
|
||||
break;
|
||||
return 0;
|
||||
}
|
||||
return CKG_MGF1_SHA1;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
|
@ -2019,6 +2021,7 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
|
|||
SECStatus rv = SECSuccess;
|
||||
SECOidTag hashAlgTag;
|
||||
unsigned long saltLength;
|
||||
unsigned long trailerField;
|
||||
|
||||
PORT_Memset(mech, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
|
||||
|
||||
|
@ -2028,6 +2031,9 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
|
|||
hashAlgTag = SEC_OID_SHA1; /* default, SHA-1 */
|
||||
}
|
||||
mech->hashAlg = sec_GetHashMechanismByOidTag(hashAlgTag);
|
||||
if (mech->hashAlg == CKM_INVALID_MECHANISM) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (params->maskAlg) {
|
||||
SECAlgorithmID maskHashAlg;
|
||||
|
@ -2050,6 +2056,9 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
|
|||
}
|
||||
maskHashAlgTag = SECOID_GetAlgorithmTag(&maskHashAlg);
|
||||
mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlgTag);
|
||||
if (mech->mgf == 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
|
||||
}
|
||||
|
@ -2064,5 +2073,18 @@ sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
|
|||
}
|
||||
mech->sLen = saltLength;
|
||||
|
||||
if (params->trailerField.data) {
|
||||
rv = SEC_ASN1DecodeInteger((SECItem *)¶ms->trailerField, &trailerField);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
if (trailerField != 1) {
|
||||
/* the value must be 1, which represents the trailer field
|
||||
* with hexadecimal value 0xBC */
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
|
|
@ -540,7 +540,10 @@ FC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|||
|
||||
crv = NSC_GetTokenInfo(slotID, pInfo);
|
||||
if (crv == CKR_OK) {
|
||||
if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
|
||||
/* use the global database to figure out if we are running in
|
||||
* FIPS 140 Level 1 or Level 2 */
|
||||
if (slotID == FIPS_SLOT_ID &&
|
||||
(pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
|
||||
isLevel2 = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -616,7 +619,8 @@ FC_InitPIN(CK_SESSION_HANDLE hSession,
|
|||
* we need to make sure the pin meets FIPS requirements */
|
||||
if ((ulPinLen == 0) || ((rv = sftk_newPinCheck(pPin, ulPinLen)) == CKR_OK)) {
|
||||
rv = NSC_InitPIN(hSession, pPin, ulPinLen);
|
||||
if (rv == CKR_OK) {
|
||||
if ((rv == CKR_OK) &&
|
||||
(sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) {
|
||||
isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -644,7 +648,8 @@ FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
|
|||
if ((rv = sftk_fipsCheck()) == CKR_OK &&
|
||||
(rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) {
|
||||
rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
|
||||
if (rv == CKR_OK) {
|
||||
if ((rv == CKR_OK) &&
|
||||
(sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) {
|
||||
/* if we set the password in level1 we now go
|
||||
* to level2. NOTE: we don't allow the user to
|
||||
* go from level2 to level1 */
|
||||
|
@ -705,11 +710,23 @@ FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
|
|||
|
||||
rv = NSC_GetSessionInfo(hSession, pInfo);
|
||||
if (rv == CKR_OK) {
|
||||
if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
|
||||
pInfo->state = CKS_RO_USER_FUNCTIONS;
|
||||
}
|
||||
if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
|
||||
pInfo->state = CKS_RW_USER_FUNCTIONS;
|
||||
/* handle the case where the auxilary slot doesn't require login.
|
||||
* piggy back on the main token's login state */
|
||||
if (isLoggedIn &&
|
||||
((pInfo->state == CKS_RO_PUBLIC_SESSION) ||
|
||||
(pInfo->state == CKS_RW_PUBLIC_SESSION))) {
|
||||
CK_RV crv;
|
||||
CK_TOKEN_INFO tInfo;
|
||||
crv = NSC_GetTokenInfo(sftk_SlotIDFromSessionHandle(hSession),
|
||||
&tInfo);
|
||||
/* if the token doesn't login, use our global login state */
|
||||
if ((crv == CKR_OK) && ((tInfo.flags & CKF_LOGIN_REQUIRED) == 0)) {
|
||||
if (pInfo->state == CKS_RO_PUBLIC_SESSION) {
|
||||
pInfo->state = CKS_RO_USER_FUNCTIONS;
|
||||
} else {
|
||||
pInfo->state = CKS_RW_USER_FUNCTIONS;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return rv;
|
||||
|
|
|
@ -2364,17 +2364,22 @@ sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all)
|
|||
return slot;
|
||||
}
|
||||
|
||||
SFTKSlot *
|
||||
sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
|
||||
CK_SLOT_ID
|
||||
sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle)
|
||||
{
|
||||
CK_ULONG slotIDIndex = (handle >> 24) & 0x7f;
|
||||
CK_ULONG moduleIndex = (handle >> 31) & 1;
|
||||
|
||||
if (slotIDIndex >= nscSlotCount[moduleIndex]) {
|
||||
return NULL;
|
||||
return (CK_SLOT_ID)-1;
|
||||
}
|
||||
return nscSlotList[moduleIndex][slotIDIndex];
|
||||
}
|
||||
|
||||
return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE);
|
||||
SFTKSlot *
|
||||
sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
|
||||
{
|
||||
return sftk_SlotFromID(sftk_SlotIDFromSessionHandle(handle), PR_FALSE);
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
|
|
|
@ -667,6 +667,7 @@ extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
|
|||
|
||||
extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
|
||||
extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
|
||||
extern CK_SLOT_ID sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle);
|
||||
extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
|
||||
extern void sftk_FreeSession(SFTKSession *session);
|
||||
extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
#elif defined(XP_UNIX)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
#include "utilpars.h"
|
||||
|
||||
#ifdef SQLITE_UNSAFE_THREADS
|
||||
#include "prlock.h"
|
||||
|
@ -190,6 +191,34 @@ sdb_done(int err, int *count)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(_WIN32)
|
||||
/*
|
||||
* NSPR functions and narrow CRT functions do not handle UTF-8 file paths that
|
||||
* sqlite3 expects.
|
||||
*/
|
||||
|
||||
static int
|
||||
sdb_chmod(const char *filename, int pmode)
|
||||
{
|
||||
int result;
|
||||
|
||||
if (!filename) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
|
||||
if (!filenameWide) {
|
||||
return -1;
|
||||
}
|
||||
result = _wchmod(filenameWide, pmode);
|
||||
PORT_Free(filenameWide);
|
||||
|
||||
return result;
|
||||
}
|
||||
#else
|
||||
#define sdb_chmod(filename, pmode) chmod((filename), (pmode))
|
||||
#endif
|
||||
|
||||
/*
|
||||
* find out where sqlite stores the temp tables. We do this by replicating
|
||||
* the logic from sqlite.
|
||||
|
@ -1739,7 +1768,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
|
|||
* sqlite3 will always create it.
|
||||
*/
|
||||
LOCK_SQLITE();
|
||||
create = (PR_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
|
||||
create = (_NSSUTIL_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
|
||||
if ((flags == SDB_RDONLY) && create) {
|
||||
error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
|
||||
goto loser;
|
||||
|
@ -1756,7 +1785,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
|
|||
*
|
||||
* NO NSPR call for chmod? :(
|
||||
*/
|
||||
if (create && chmod(dbname, 0600) != 0) {
|
||||
if (create && sdb_chmod(dbname, 0600) != 0) {
|
||||
error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
|
||||
goto loser;
|
||||
}
|
||||
|
|
|
@ -83,6 +83,10 @@ CK_RV s_open(const char *directory, const char *certPrefix,
|
|||
int flags, SDB **certdb, SDB **keydb, int *newInit);
|
||||
CK_RV s_shutdown();
|
||||
|
||||
#if defined(_WIN32)
|
||||
wchar_t *sdb_UTF8ToWide(const char *buf);
|
||||
#endif
|
||||
|
||||
/* flags */
|
||||
#define SDB_RDONLY 1
|
||||
#define SDB_RDWR 2
|
||||
|
|
|
@ -28,6 +28,9 @@
|
|||
#include "utilpars.h"
|
||||
#include "secerr.h"
|
||||
#include "softoken.h"
|
||||
#if defined(_WIN32)
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
* We want all databases to have the same binary representation independent of
|
||||
|
@ -2509,6 +2512,53 @@ sftk_oldVersionExists(const char *dir, int version)
|
|||
return PR_FALSE;
|
||||
}
|
||||
|
||||
#if defined(_WIN32)
|
||||
/*
|
||||
* Convert an sdb path (encoded in UTF-8) to a legacy path (encoded in the
|
||||
* current system codepage). Fails if the path contains a character outside
|
||||
* the current system codepage.
|
||||
*/
|
||||
static char *
|
||||
sftk_legacyPathFromSDBPath(const char *confdir)
|
||||
{
|
||||
wchar_t *confdirWide;
|
||||
DWORD size;
|
||||
char *nconfdir;
|
||||
BOOL unmappable;
|
||||
|
||||
if (!confdir) {
|
||||
return NULL;
|
||||
}
|
||||
confdirWide = _NSSUTIL_UTF8ToWide(confdir);
|
||||
if (!confdirWide) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
size = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, confdirWide, -1,
|
||||
NULL, 0, NULL, &unmappable);
|
||||
if (size == 0 || unmappable) {
|
||||
PORT_Free(confdirWide);
|
||||
return NULL;
|
||||
}
|
||||
nconfdir = PORT_Alloc(sizeof(char) * size);
|
||||
if (!nconfdir) {
|
||||
PORT_Free(confdirWide);
|
||||
return NULL;
|
||||
}
|
||||
size = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, confdirWide, -1,
|
||||
nconfdir, size, NULL, &unmappable);
|
||||
PORT_Free(confdirWide);
|
||||
if (size == 0 || unmappable) {
|
||||
PORT_Free(nconfdir);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return nconfdir;
|
||||
}
|
||||
#else
|
||||
#define sftk_legacyPathFromSDBPath(confdir) PORT_Strdup((confdir))
|
||||
#endif
|
||||
|
||||
static PRBool
|
||||
sftk_hasLegacyDB(const char *confdir, const char *certPrefix,
|
||||
const char *keyPrefix, int certVersion, int keyVersion)
|
||||
|
@ -2568,6 +2618,7 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
|
|||
int flags = SDB_RDONLY;
|
||||
PRBool newInit = PR_FALSE;
|
||||
PRBool needUpdate = PR_FALSE;
|
||||
char *nconfdir = NULL;
|
||||
|
||||
if (!readOnly) {
|
||||
flags = SDB_CREATE;
|
||||
|
@ -2606,11 +2657,14 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
|
|||
* the exists.
|
||||
*/
|
||||
if (crv != CKR_OK) {
|
||||
if (((flags & SDB_RDONLY) == SDB_RDONLY) &&
|
||||
sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
|
||||
if ((flags & SDB_RDONLY) == SDB_RDONLY) {
|
||||
nconfdir = sftk_legacyPathFromSDBPath(confdir);
|
||||
}
|
||||
if (nconfdir &&
|
||||
sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) {
|
||||
/* we have legacy databases, if we failed to open the new format
|
||||
* DB's read only, just use the legacy ones */
|
||||
crv = sftkdbCall_open(confdir, certPrefix,
|
||||
crv = sftkdbCall_open(nconfdir, certPrefix,
|
||||
keyPrefix, 8, 3, flags,
|
||||
noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
|
||||
}
|
||||
|
@ -2639,7 +2693,10 @@ sftk_DBInit(const char *configdir, const char *certPrefix,
|
|||
/* if the new format DB was also a newly created DB, and we
|
||||
* succeeded, then need to update that new database with data
|
||||
* from the existing legacy DB */
|
||||
if (sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
|
||||
nconfdir = sftk_legacyPathFromSDBPath(confdir);
|
||||
if (nconfdir &&
|
||||
sftk_hasLegacyDB(nconfdir, certPrefix, keyPrefix, 8, 3)) {
|
||||
confdir = nconfdir;
|
||||
needUpdate = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
@ -2712,6 +2769,9 @@ done:
|
|||
if (appName) {
|
||||
PORT_Free(appName);
|
||||
}
|
||||
if (nconfdir) {
|
||||
PORT_Free(nconfdir);
|
||||
}
|
||||
return forceOpen ? CKR_OK : crv;
|
||||
}
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ typedef PRUint16 SSL3ProtocolVersion;
|
|||
/* The TLS 1.3 draft version. Used to avoid negotiating
|
||||
* between incompatible pre-standard TLS 1.3 drafts.
|
||||
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
|
||||
#define TLS_1_3_DRAFT_VERSION 22
|
||||
#define TLS_1_3_DRAFT_VERSION 23
|
||||
|
||||
typedef PRUint16 ssl3CipherSuite;
|
||||
/* The cipher suites are defined in sslproto.h */
|
||||
|
|
|
@ -425,7 +425,7 @@ typedef enum {
|
|||
ssl_padding_xtn = 21,
|
||||
ssl_extended_master_secret_xtn = 23,
|
||||
ssl_session_ticket_xtn = 35,
|
||||
ssl_tls13_key_share_xtn = 40,
|
||||
/* 40 was used in draft versions of TLS 1.3; it is now reserved. */
|
||||
ssl_tls13_pre_shared_key_xtn = 41,
|
||||
ssl_tls13_early_data_xtn = 42,
|
||||
ssl_tls13_supported_versions_xtn = 43,
|
||||
|
@ -433,6 +433,8 @@ typedef enum {
|
|||
ssl_tls13_psk_key_exchange_modes_xtn = 45,
|
||||
ssl_tls13_ticket_early_data_info_xtn = 46, /* Deprecated. */
|
||||
ssl_tls13_certificate_authorities_xtn = 47,
|
||||
ssl_signature_algorithms_cert_xtn = 50,
|
||||
ssl_tls13_key_share_xtn = 51,
|
||||
ssl_next_proto_nego_xtn = 13172, /* Deprecated. */
|
||||
ssl_renegotiation_info_xtn = 0xff01,
|
||||
ssl_tls13_short_header_xtn = 0xff03 /* Deprecated. */
|
||||
|
@ -444,7 +446,7 @@ typedef enum {
|
|||
/* SSL_MAX_EXTENSIONS includes the maximum number of extensions that are
|
||||
* supported for any single message type. That is, a ClientHello; ServerHello
|
||||
* and TLS 1.3 NewSessionTicket and HelloRetryRequest extensions have fewer. */
|
||||
#define SSL_MAX_EXTENSIONS 19
|
||||
#define SSL_MAX_EXTENSIONS 20
|
||||
|
||||
/* Deprecated */
|
||||
typedef enum {
|
||||
|
|
|
@ -4725,6 +4725,8 @@ static const struct {
|
|||
{ ssl_server_name_xtn, _M2(client_hello, encrypted_extensions) },
|
||||
{ ssl_supported_groups_xtn, _M2(client_hello, encrypted_extensions) },
|
||||
{ ssl_signature_algorithms_xtn, _M2(client_hello, certificate_request) },
|
||||
{ ssl_signature_algorithms_cert_xtn, _M2(client_hello,
|
||||
certificate_request) },
|
||||
{ ssl_use_srtp_xtn, _M2(client_hello, encrypted_extensions) },
|
||||
{ ssl_app_layer_protocol_xtn, _M2(client_hello, encrypted_extensions) },
|
||||
{ ssl_padding_xtn, _M1(client_hello) },
|
||||
|
|
|
@ -315,3 +315,11 @@ NSS_SecureMemcmpZero;
|
|||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;-NSSUTIL_3.35 { # NSS Utilities 3.35 release
|
||||
;- global:
|
||||
;-# private exports for softoken
|
||||
_NSSUTIL_UTF8ToWide;-
|
||||
_NSSUTIL_Access;-
|
||||
;- local:
|
||||
;- *;
|
||||
;-};
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
|
||||
#if defined(_WIN32)
|
||||
#include <io.h>
|
||||
#include <windows.h>
|
||||
#endif
|
||||
#ifdef XP_UNIX
|
||||
#include <unistd.h>
|
||||
|
@ -34,15 +35,184 @@
|
|||
#include <fcntl.h>
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define os_open _open
|
||||
#define os_fdopen _fdopen
|
||||
#define os_stat _stat
|
||||
#define os_truncate_open_flags _O_CREAT | _O_RDWR | _O_TRUNC
|
||||
#define os_append_open_flags _O_CREAT | _O_RDWR | _O_APPEND
|
||||
#define os_open_permissions_type int
|
||||
#define os_open_permissions_default _S_IREAD | _S_IWRITE
|
||||
#define os_stat_type struct _stat
|
||||
|
||||
/*
|
||||
* Convert a UTF8 string to Unicode wide character
|
||||
*/
|
||||
LPWSTR
|
||||
_NSSUTIL_UTF8ToWide(const char *buf)
|
||||
{
|
||||
DWORD size;
|
||||
LPWSTR wide;
|
||||
|
||||
if (!buf) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
|
||||
if (size == 0) {
|
||||
return NULL;
|
||||
}
|
||||
wide = PORT_Alloc(sizeof(WCHAR) * size);
|
||||
if (!wide) {
|
||||
return NULL;
|
||||
}
|
||||
size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
|
||||
if (size == 0) {
|
||||
PORT_Free(wide);
|
||||
return NULL;
|
||||
}
|
||||
return wide;
|
||||
}
|
||||
|
||||
static int
|
||||
os_open(const char *filename, int oflag, int pmode)
|
||||
{
|
||||
int fd;
|
||||
|
||||
if (!filename) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
|
||||
if (!filenameWide) {
|
||||
return -1;
|
||||
}
|
||||
fd = _wopen(filenameWide, oflag, pmode);
|
||||
PORT_Free(filenameWide);
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
static int
|
||||
os_stat(const char *path, os_stat_type *buffer)
|
||||
{
|
||||
int result;
|
||||
|
||||
if (!path) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
|
||||
if (!pathWide) {
|
||||
return -1;
|
||||
}
|
||||
result = _wstat(pathWide, buffer);
|
||||
PORT_Free(pathWide);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
static FILE *
|
||||
os_fopen(const char *filename, const char *mode)
|
||||
{
|
||||
FILE *fp;
|
||||
|
||||
if (!filename || !mode) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
|
||||
if (!filenameWide) {
|
||||
return NULL;
|
||||
}
|
||||
wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode);
|
||||
if (!modeWide) {
|
||||
PORT_Free(filenameWide);
|
||||
return NULL;
|
||||
}
|
||||
fp = _wfopen(filenameWide, modeWide);
|
||||
PORT_Free(filenameWide);
|
||||
PORT_Free(modeWide);
|
||||
|
||||
return fp;
|
||||
}
|
||||
|
||||
PRStatus
|
||||
_NSSUTIL_Access(const char *path, PRAccessHow how)
|
||||
{
|
||||
int result;
|
||||
|
||||
if (!path) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
int mode;
|
||||
switch (how) {
|
||||
case PR_ACCESS_WRITE_OK:
|
||||
mode = 2;
|
||||
break;
|
||||
case PR_ACCESS_READ_OK:
|
||||
mode = 4;
|
||||
break;
|
||||
case PR_ACCESS_EXISTS:
|
||||
mode = 0;
|
||||
break;
|
||||
default:
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
|
||||
if (!pathWide) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
result = _waccess(pathWide, mode);
|
||||
PORT_Free(pathWide);
|
||||
|
||||
return result < 0 ? PR_FAILURE : PR_SUCCESS;
|
||||
}
|
||||
|
||||
static PRStatus
|
||||
nssutil_Delete(const char *name)
|
||||
{
|
||||
BOOL result;
|
||||
|
||||
if (!name) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name);
|
||||
if (!nameWide) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
result = DeleteFileW(nameWide);
|
||||
PORT_Free(nameWide);
|
||||
|
||||
return result ? PR_SUCCESS : PR_FAILURE;
|
||||
}
|
||||
|
||||
static PRStatus
|
||||
nssutil_Rename(const char *from, const char *to)
|
||||
{
|
||||
BOOL result;
|
||||
|
||||
if (!from || !to) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from);
|
||||
if (!fromWide) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
wchar_t *toWide = _NSSUTIL_UTF8ToWide(to);
|
||||
if (!toWide) {
|
||||
PORT_Free(fromWide);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
result = MoveFileW(fromWide, toWide);
|
||||
PORT_Free(fromWide);
|
||||
PORT_Free(toWide);
|
||||
|
||||
return result ? PR_SUCCESS : PR_FAILURE;
|
||||
}
|
||||
#else
|
||||
#define os_fopen fopen
|
||||
#define os_open open
|
||||
#define os_fdopen fdopen
|
||||
#define os_stat stat
|
||||
|
@ -51,6 +221,8 @@
|
|||
#define os_open_permissions_type mode_t
|
||||
#define os_open_permissions_default 0600
|
||||
#define os_stat_type struct stat
|
||||
#define nssutil_Delete PR_Delete
|
||||
#define nssutil_Rename PR_Rename
|
||||
#endif
|
||||
|
||||
/****************************************************************
|
||||
|
@ -219,7 +391,7 @@ nssutil_ReadSecmodDB(const char *appName,
|
|||
}
|
||||
|
||||
/* do we really want to use streams here */
|
||||
fd = fopen(dbname, "r");
|
||||
fd = os_fopen(dbname, "r");
|
||||
if (fd == NULL)
|
||||
goto done;
|
||||
|
||||
|
@ -403,7 +575,7 @@ done:
|
|||
}
|
||||
|
||||
/* old one exists */
|
||||
status = PR_Access(olddbname, PR_ACCESS_EXISTS);
|
||||
status = _NSSUTIL_Access(olddbname, PR_ACCESS_EXISTS);
|
||||
if (status == PR_SUCCESS) {
|
||||
PR_smprintf_free(olddbname);
|
||||
PORT_ZFree(moduleList, useCount * sizeof(char *));
|
||||
|
@ -532,7 +704,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
|
|||
}
|
||||
|
||||
/* do we really want to use streams here */
|
||||
fd = fopen(dbname, "r");
|
||||
fd = os_fopen(dbname, "r");
|
||||
if (fd == NULL)
|
||||
goto loser;
|
||||
|
||||
|
@ -602,10 +774,10 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
|
|||
fclose(fd2);
|
||||
if (found) {
|
||||
/* rename dbname2 to dbname */
|
||||
PR_Delete(dbname);
|
||||
PR_Rename(dbname2, dbname);
|
||||
nssutil_Delete(dbname);
|
||||
nssutil_Rename(dbname2, dbname);
|
||||
} else {
|
||||
PR_Delete(dbname2);
|
||||
nssutil_Delete(dbname2);
|
||||
}
|
||||
PORT_Free(dbname2);
|
||||
PORT_Free(lib);
|
||||
|
@ -621,7 +793,7 @@ loser:
|
|||
fclose(fd2);
|
||||
}
|
||||
if (dbname2) {
|
||||
PR_Delete(dbname2);
|
||||
nssutil_Delete(dbname2);
|
||||
PORT_Free(dbname2);
|
||||
}
|
||||
PORT_Free(lib);
|
||||
|
|
|
@ -589,6 +589,7 @@ struct nssutilArgSlotFlagTable {
|
|||
}
|
||||
static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
|
||||
NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
|
||||
NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
|
||||
NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
|
||||
NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
|
||||
NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
|
||||
|
|
|
@ -59,5 +59,11 @@ char *NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
|
|||
char *_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType,
|
||||
char **appName, char **filename, PRBool *rw);
|
||||
const char *_NSSUTIL_EvaluateConfigDir(const char *configdir, NSSDBType *dbType, char **app);
|
||||
#if defined(_WIN32)
|
||||
wchar_t *_NSSUTIL_UTF8ToWide(const char *buf);
|
||||
PRStatus _NSSUTIL_Access(const char *path, PRAccessHow how);
|
||||
#else
|
||||
#define _NSSUTIL_Access(path, how) PR_Access((path), (how))
|
||||
#endif
|
||||
|
||||
#endif /* _UTILPARS_H_ */
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
#define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
|
||||
" askpw=any timeout=30})\""
|
||||
#define NSSUTIL_DEFAULT_SFTKN_FLAGS \
|
||||
"slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
|
||||
"slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
|
||||
|
||||
#define NSSUTIL_DEFAULT_CIPHER_ORDER 0
|
||||
#define NSSUTIL_DEFAULT_TRUST_ORDER 50
|
||||
|
|
|
@ -137,3 +137,50 @@ The nss directory contains the following important subdirectories:
|
|||
A more comprehensible overview of the NSS folder structure and API guidelines
|
||||
can be found
|
||||
[here](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_API_Guidelines).
|
||||
|
||||
## Build mechanisms related to FIPS compliance
|
||||
|
||||
NSS supports build configurations for FIPS-140 compliance, and alternative build
|
||||
configurations that disable functionality specific to FIPS-140 compliance.
|
||||
|
||||
This section documents the environment variables and build parameters that
|
||||
control these configurations.
|
||||
|
||||
### Build FIPS startup tests
|
||||
|
||||
The C macro NSS_NO_INIT_SUPPORT controls the FIPS startup self tests.
|
||||
If NSS_NO_INIT_SUPPORT is defined, the startup tests are disabled.
|
||||
|
||||
The legacy build system (make) by default disables these tests.
|
||||
To enable these tests, set environment variable NSS_FORCE_FIPS=1 at build time.
|
||||
|
||||
The gyp build system by default disables these tests.
|
||||
To enable these tests, pass parameter --enable-fips to build.sh.
|
||||
|
||||
### Building either FIPS compliant or alternative compliant code
|
||||
|
||||
The C macro NSS_FIPS_DISABLED can be used to disable some FIPS compliant code
|
||||
and enable alternative implementations.
|
||||
|
||||
The legacy build system (make) never defines NSS_FIPS_DISABLED and always uses
|
||||
the FIPS compliant code.
|
||||
|
||||
The gyp build system by default defines NSS_FIPS_DISABLED.
|
||||
To use the FIPS compliant code, pass parameter --enable-fips to build.sh.
|
||||
|
||||
### Test execution
|
||||
|
||||
The NSS test suite may contain tests that are included, excluded, or are
|
||||
different based on the FIPS build configuration. To execute the correct tests,
|
||||
it's necessary to determine which build configuration was used.
|
||||
|
||||
The legacy build system (make) uses environment variables to control all
|
||||
aspects of the build configuration, including FIPS build configuration.
|
||||
|
||||
Because the gyp build system doesn't use environment variables to control the
|
||||
build configuration, the NSS tests cannot rely on environment variables to
|
||||
determine the build configuration.
|
||||
|
||||
A helper binary named nss-build-flags is produced as part of the NSS build,
|
||||
which prints the C macro symbols that were defined at build time, and which are
|
||||
relevant to test execution.
|
||||
|
|
|
@ -295,9 +295,9 @@ fi
|
|||
cycles="standard pkix upgradedb sharedb"
|
||||
CYCLES=${NSS_CYCLES:-$cycles}
|
||||
|
||||
if [ -n "$NSS_FORCE_FIPS" ]; then
|
||||
NO_INIT_SUPPORT=`certutil --build-flags |grep -cw NSS_NO_INIT_SUPPORT`
|
||||
if [ $NO_INIT_SUPPORT -eq 0 ]; then
|
||||
RUN_FIPS="fips"
|
||||
export NSS_TEST_ENABLE_FIPS=1
|
||||
fi
|
||||
|
||||
tests="cipher lowhash libpkix cert dbtests tools $RUN_FIPS sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests"
|
||||
|
@ -310,7 +310,7 @@ TESTS=${NSS_TESTS:-$tests}
|
|||
ALL_TESTS=${TESTS}
|
||||
|
||||
nss_ssl_tests="crl iopr policy"
|
||||
if [ -n "$NSS_FORCE_FIPS" ]; then
|
||||
if [ $NO_INIT_SUPPORT -eq 0 ]; then
|
||||
nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips"
|
||||
fi
|
||||
NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}"
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEbDCCAxqgAwIBAgIBATBHBgkqhkiG9w0BAQowOqAPMA0GCWCGSAFlAwQCAQUA
|
||||
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASCjBAICEmcwgYMxCzAJ
|
||||
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp
|
||||
biBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxMzAxBgNVBAMTKk5TUyBUZXN0IENB
|
||||
IChSU0EtUFNTIGludmFsaWQgdHJhaWxlckZpZWxkKTAgFw0xNzEyMDcxMjU3NDBa
|
||||
GA8yMDY3MTIwNzEyNTc0MFowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
|
||||
Zm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBO
|
||||
U1MxMzAxBgNVBAMTKk5TUyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgdHJhaWxl
|
||||
ckZpZWxkKTCCAVwwRwYJKoZIhvcNAQEKMDqgDzANBglghkgBZQMEAgEFAKEcMBoG
|
||||
CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgowQCAhJnA4IBDwAwggEKAoIB
|
||||
AQDgkKJk+PoFpESak7kMQ0w147/xilUZCG7hDGG2uuGTbX8jqy9N9pxzB9sJjgJX
|
||||
yYND0XEmrUQ2Memmy8jufhXML5DekW1tr3Gi2L3VivbIReJZfXk1xDMvNbB/Gjjo
|
||||
SoPyu8C4hnevjgMlmqG3KdMkB+eN6PnBG64YFyki3vnLO5iTNHEBTgFYo0gTX4uK
|
||||
xl0hLtiDL+4K5l7BwVgxZwQF6uHoHjrjjlhkzR0FwjjqR8U0pH20Pb6IlRsFMv07
|
||||
/1GHf+jm34pKb/1ZNzAbiKxYv7YAQUWEZ7e/GSXgA6gbTpV9ueiLkVucUeXN/mXK
|
||||
Tqb4zivi5FaSGVl8SJnqsJXJAgMBAAGjOTA3MBQGCWCGSAGG+EIBAQEB/wQEAwIC
|
||||
BDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDBHBgkqhkiG9w0BAQow
|
||||
OqAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
|
||||
ogMCASCjBAICEmcDggEBAJht9t9p/dlhJtx7ShDvUXyq8N4tCoGKdREM83K/jlW8
|
||||
HxdHOz5PuvZx+UMlaUtqZVIriSCnRtEWkoSo0hWmcv1rp80it2G1zLfLPYdyrPba
|
||||
nQmE1iFb69Wr9dwrX7o/CII+WHQgoIGeFGntZ8YRZTe5+JeiGAlAyZCqUKbl9lhh
|
||||
pCpf1YYxb3VI8mAGVi0jwabWBEbInGBZYH9HP0nK7/Tflk6UY3f4h4Fbkk5D4WZA
|
||||
hFfkebx6Wh90QGiKQhp4/N+dYira8bKvWqqn0VqwzBoJBU/RmMaJVpwqFFvcaUJh
|
||||
uEKUPeQbqkYvj1WJYmy4ettVwi4OZU50+kCaRQhMsFA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEFzCCAs2gAwIBAgIBATA/BgkqhkiG9w0BAQowMqAOMAwGCCqGSIb3DQIFBQCh
|
||||
GzAZBgkqhkiG9w0BAQgwDAYIKoZIhvcNAgUFAKIDAgEgMH4xCzAJBgNVBAYTAlVT
|
||||
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIw
|
||||
EAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5TUyBUZXN0IENBIChSU0EtUFNT
|
||||
IGludmFsaWQgaGFzaEFsZykwIBcNMTcxMjA3MTQwNjQ0WhgPMjA2ODAxMDcxNDA2
|
||||
NDRaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
|
||||
Ew1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5T
|
||||
UyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgaGFzaEFsZykwggEgMAsGCSqGSIb3
|
||||
DQEBCgOCAQ8AMIIBCgKCAQEAtDXA73yTOgs8zVYNMCtuQ9a07UgbfeQbjHp3pkF6
|
||||
7rsC/Q28mrLh+zLkht5e7qU/Qf/8a2ZkcYhPOBAjCzjgIXOdE2lsWvdVujOJLR0x
|
||||
Fesd3hDLRmL6f6momc+j1/Tw3bKyZinaeJ9BFRv9c94SayB3QUe+6+TNJKASwlhj
|
||||
sx6mUsND+h3DkuL77gi7hIUpUXfFSwa+zM69VLhIu+/WRZfG8gfKkCAIGUC3WYJa
|
||||
eU1HgQKfVSXW0ok4ototXWEe9ohU+Z1tO9LJStcY8mMpig7EU9zbpObhG46Sykfu
|
||||
aKsubB9J+gFgwP5Tb85tRYT6SbHeHR6U/N8GBrKdRcomWwIDAQABozwwOjAUBglg
|
||||
hkgBhvhCAQEBAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
|
||||
BAMCAgQwPwYJKoZIhvcNAQEKMDKgDjAMBggqhkiG9w0CBQUAoRswGQYJKoZIhvcN
|
||||
AQEIMAwGCCqGSIb3DQIFBQCiAwIBIAOCAQEAjeemeTxh2xrMUJ6Z5Yn2nH2FbcPY
|
||||
fTHJcdfXjfNBkrMl5pe2/lk0JyNuACTuTYFCxdWNRL1coN//h9DSUbF3dpF1ex6D
|
||||
difo+6PwxkO2aPVGPYw4DSivt4SFbn5dKGgVqBQfnmNK7p/iT91AcErg/grRrNL+
|
||||
4jeT0UiRjQYeX9xKJArv+ocIidNpQL3QYxXuBLZxVC92Af69ol7WG8QBRLnFi1p2
|
||||
g6q8hOHqOfB29qnsSo3PkI1yuShOl50tRLbNgyotEfZdk1N3oXvapoBsm/jlcdCT
|
||||
0aKelCSQYYAfyl5PKCpa1lgBm7zfcHSDStMhEEFu/fbnJhqO9g9znj3STQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -1359,7 +1359,7 @@ MODSCRIPT
|
|||
# local shell function to verify small rsa exponent can be used (only
|
||||
# run if FIPS has not been turned on in the build).
|
||||
##############################################################################
|
||||
cert_rsa_exponent()
|
||||
cert_rsa_exponent_nonfips()
|
||||
{
|
||||
echo "$SCRIPTNAME: Verify that small RSA exponents still work =============="
|
||||
CU_ACTION="Attempt to generate a key with exponent of 3"
|
||||
|
@ -2095,6 +2095,20 @@ cert_test_rsapss()
|
|||
certu -A -n "TestCA-rsa-pss-sha1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
|
||||
-i "${R_CADIR}/TestCA-rsa-pss-sha1.ca.cert" 2>&1
|
||||
|
||||
CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid trailerField)"
|
||||
certu -A -n "TestCA-bogus-rsa-pss1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
|
||||
-i "${QADIR}/cert/TestCA-bogus-rsa-pss1.crt" 2>&1
|
||||
RETEXPECTED=255
|
||||
certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss1 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
|
||||
RETEXPECTED=0
|
||||
|
||||
CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid hashAlg)"
|
||||
certu -A -n "TestCA-bogus-rsa-pss2" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
|
||||
-i "${QADIR}/cert/TestCA-bogus-rsa-pss2.crt" 2>&1
|
||||
RETEXPECTED=255
|
||||
certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss2 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
|
||||
RETEXPECTED=0
|
||||
|
||||
CERTSERIAL=200
|
||||
|
||||
# Subject certificate: RSA
|
||||
|
@ -2431,16 +2445,12 @@ cert_test_implicit_db_init
|
|||
cert_extended_ssl
|
||||
cert_ssl
|
||||
cert_smime_client
|
||||
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
|
||||
cert_fips
|
||||
IS_FIPS_DISABLED=`certutil --build-flags |grep -cw NSS_FIPS_DISABLED`
|
||||
if [ $IS_FIPS_DISABLED -ne 0 ]; then
|
||||
cert_rsa_exponent_nonfips
|
||||
else
|
||||
cert_fips
|
||||
fi
|
||||
# We currently have difficulties to know if the build is a non-FIPS build,
|
||||
# because of differences between the "make" and "gyp" build systems.
|
||||
# As soon as we have a reliable way to detect that based on a variable,
|
||||
# we should enable the following test call. See bug 1409516.
|
||||
# if SYMBOL_THAT_TELLS_US_FIPS_IS_DISABLED
|
||||
# cert_rsa_exponent
|
||||
# fi
|
||||
cert_eccurves
|
||||
cert_extensions
|
||||
cert_san_and_generic_extensions
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
########################################################################
|
||||
fips_init()
|
||||
{
|
||||
export NSS_TEST_ENABLE_FIPS=1
|
||||
SCRIPTNAME=fips.sh # sourced - $0 would point to all.sh
|
||||
|
||||
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
|
||||
|
|
Загрузка…
Ссылка в новой задаче