Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs. r=jcj
authorBenjamin Beurdouche <bbeurdouche@mozilla.com>
Wed, 27 May 2020 21:35:30 +0000
changeset 15634 4d1b7bbeebfe12cb16b2af74cfec4183637014cc
parent 15633 661e3e3f6ba515a36fc97038164979a216c9f87b
child 15635 8bfb386f459fbb3c091d41478f24ef5b25c3a224
push id3754
push userkjacobs@mozilla.com
push dateThu, 28 May 2020 19:31:23 +0000
reviewersjcj
bugs1621159
Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs. r=jcj Differential Revision: https://phabricator.services.mozilla.com/D77065
lib/ckfw/builtins/certdata.txt
--- a/lib/ckfw/builtins/certdata.txt
+++ b/lib/ckfw/builtins/certdata.txt
@@ -4126,17 +4126,20 @@ CKA_VALUE MULTILINE_OCTAL
 \220\124\221\003\074\107\345\325\311\145\340\267\113\175\354\107
 \323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336
 \054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246
 \131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316
 \020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045
 \245\206\054\174\364\022
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+# For Server Distrust After: Thu Sep 19 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\071\061\071\060\060\060\060\060\060\132
+END
 CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Taiwan GRCA"
 # Issuer: O=Government Root Certification Authority,C=TW
 # Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
 # Subject: O=Government Root Certification Authority,C=TW
 # Not Valid Before: Thu Dec 05 13:23:33 2002
 # Not Valid After : Sun Dec 05 13:23:33 2032
@@ -11575,17 +11578,20 @@ CKA_VALUE MULTILINE_OCTAL
 \210\277\102\325\053\075\345\371\272\236\056\263\312\364\163\222
 \002\013\276\114\146\353\040\376\271\313\265\231\177\346\266\023
 \372\312\113\115\331\356\123\106\006\073\306\116\255\223\132\201
 \176\154\052\113\152\005\105\214\362\041\244\061\220\207\154\145
 \234\235\245\140\225\072\122\177\365\321\253\010\156\363\356\133
 \371\210\075\176\270\157\156\003\344\102
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+# For Server Distrust After: Sat Dec 28 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\061\062\062\070\060\060\060\060\060\060\132
+END
 CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "EC-ACC"
 # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
 # Serial Number:ee:2b:3d:eb:d4:21:de:14:a8:62:ac:04:f3:dd:c4:01
 # Subject: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
 # Not Valid Before: Tue Jan 07 23:00:00 2003
 # Not Valid After : Tue Jan 07 22:59:59 2031
@@ -12729,17 +12735,20 @@ CKA_VALUE MULTILINE_OCTAL
 \160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
 \210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
 \164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
 \367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
 \031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
 \307\314\165\301\226\305\235
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+# For Server Distrust After: Fri Sep 01 00:00:00 2017
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\067\060\071\060\061\060\060\060\060\060\060\132
+END
 CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "EE Certification Centre Root CA"
 # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
 # Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
 # Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
 # Not Valid Before: Sat Oct 30 10:10:30 2010
 # Not Valid After : Tue Dec 17 23:59:59 2030