ssltool 0.0.10 → 0.0.11

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NDk4MGEwNWRmMjM4NTM0ZDkwNjljYWE5OTk4ZjU3MzU1Y2E0OTM3ZA==
+  data.tar.gz: !binary |-
+    ZDQxNjRlM2U2NjAyMzE2NTQ3OWM3MjI1M2Q1ODcwNGJkZTk3MWQyMQ==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    ZWRjOTAxNDljZTNiZGRjNWJlMTYxNjY1MzJlYTVkNTlkYjIwNmVmYjlhYmEz
+    Mjk1ODEyZWNiMTViY2NkYjBjOWQ0ZTRhMzQzNGEzMWMzZDU5NDE3NjJlY2Zm
+    YThkNGU3MmY3MDYyZThiZWU5NTdjYTU5MjYyZGU2OTFkMjQwYmQ=
+  data.tar.gz: !binary |-
+    YWU4YTU3MjA0YmQxZjRhMzg2Njc5YWQ1ZTFlZWRlMmZjZjllNmFhNzkyNDc3
+    YmIwMzFiMmQ3M2FjNjc1ZmFmNWNmYTQyODg4ODIyMGMyZjA3OWZjNjI4OGVh
+    ZTcyOTdhNDU5Y2M1Yzk1ODQ4YTk0OGFlMTkyYWMyMGI4ZDAxMDI=

data/README.md

@@ -1,3 +1,28 @@
+# Bootstrapping
+
+This is how we get the list of trusted roots and the intermediates file.
+
+This process has already been done for you, you don't need to repeat it unless you want updated data.
+
+1.  Downloaded an updated list of trusted roots:
+
+        $ SRC="http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
+        $ curl -s "$SRC" > var/mozilla-certdata.txt
+        $ bin/bootstrap-trusted-pems-from-mozilla-certdata < var/mozilla-certdata.txt > var/pools/trusted.pem
+
+
+2.  Generate the intermediates pool:
+
+        $ bin/bootstrap-detect-intermediates var/all-the-certs.pem
+
+    The `var/all-the-certs.pem` is a pool of assorted certificates to extract intermediates from. You'll
+    have to compile this file yourself.
+
+    If circular chains are detected, all members of them will be rejected and printed to stderr. You can
+    resolve the cycle manually, and decide which certificate(s) to exclude to break the cycle. Add those
+    to `var/pools/excluded.pem` and generate the intermediates pool again.
+
+
 This readme is very outdated and incomplete now. Enjoy :P
 
 # ssltool-complete-chain
@@ -30,29 +55,3 @@ If the chain is incomplete, untrusted, or the certificate is self-signed, warnin
 
     ### or just pipe that command in:
     $ pbpaste | ssltool-complete-chain
-
-
-
-# Bootstrapping
-
-This is how we get the list of trusted roots and the intermediates file.
-
-This process has already been done for you, you don't need to repeat it unless you want updated data.
-
-1.  Downloaded an updated list of trusted roots:
-
-        $ SRC="http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
-        $ curl -s "$SRC" > var/mozilla-certdata.txt
-        $ bin/bootstrap-trusted-pems-from-mozilla-certdata < var/mozilla-certdata.txt > var/pools/trusted.pem
-
-
-2.  Generate the intermediates pool:
-
-        $ bin/bootstrap-detect-intermediates var/all-the-certs.pem
-
-    The `var/all-the-certs.pem` is a pool of assorted certificates to extract intermediates from. You'll
-    have to compile this file yourself.
-
-    If circular chains are detected, all members of them will be rejected and printed to stderr. You can
-    resolve the cycle manually, and decide which certificate(s) to exclude to break the cycle. Add those
-    to `var/pools/excluded.pem` and generate the intermediates pool again.

data/lib/ssltool/chain_resolution.rb

@@ -18,6 +18,15 @@ module SSLTool
 
     class CertificateBundle < Array
       alias_method :to_pem, :join
+
+      def inclusive_take_until
+        self.class.new.tap do |acc|
+          each do |e|
+            acc << e
+            return acc if yield e
+          end
+        end
+      end
     end
 
     def initialize(original_chain, certificate_store)
@@ -32,7 +41,11 @@ module SSLTool
       end
       @base_cert             = @domain_certs.first
       @ordered_chain         = CertificateBundle.new(@base_cert.chain_from(@other_certs)).freeze
-      @resolved_chain        = CertificateBundle.new(@base_cert.chain_from(@certificate_store.combined_trusted_pool)).freeze
+      @resolved_chain        = CertificateBundle.new(@base_cert.chain_from(@certificate_store.combined_trusted_pool))
+                                 .inclusive_take_until { |c| c.certificate_authority? &&
+                                                             c.self_signed? &&
+                                                             @certificate_store.trusted_pool.include?(c) }
+                                 .freeze
       @unused_certs          = CertificateBundle.new(@other_certs - @resolved_chain).freeze
       @domain_names          = @base_cert.domain_names.freeze
       @originally_ordered    = @original_chain == @ordered_chain

data/var/mozilla-certdata.txt

@@ -2,7 +2,7 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date: 2012/12/29 16:32:45 $"
 
 #
 # certdata.txt
@@ -24422,3 +24422,364 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 3"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060
+\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042
+\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315
+\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366
+\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053
+\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077
+\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104
+\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373
+\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270
+\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042
+\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206
+\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271
+\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221
+\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223
+\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114
+\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067
+\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137
+\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265
+\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277
+\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262
+\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115
+\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035
+\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131
+\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262
+\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312
+\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364
+\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223
+\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076
+\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323
+\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157
+\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011
+\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245
+\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032
+\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202
+\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051
+\116\223\303\244\124\024\133
+END
+
+# Trust for "T-TeleSec GlobalRoot Class 3"
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276
+\021\343\201\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EE Certification Centre Root CA"
+#
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
+\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
+\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
+\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
+\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
+\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
+\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
+\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
+\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
+\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
+\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
+\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
+\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
+\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
+\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
+\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
+\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
+\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
+\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
+\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
+\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
+\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
+\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
+\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
+\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
+\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
+\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
+\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
+\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
+\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
+\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
+\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
+\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
+\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
+\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
+\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
+\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
+\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
+\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
+\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
+\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
+\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
+\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
+\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
+\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
+\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
+\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
+\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
+\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
+\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
+\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
+\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
+\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
+\307\314\165\301\226\305\235
+END
+
+# Trust for "EE Certification Centre Root CA"
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
+\173\047\314\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri
+# Serial Number: 2087 (0x827)
+# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR
+# Not Valid Before: Mon Aug 08 07:07:51 2011
+# Not Valid After : Tue Jul 06 07:07:51 2021
+# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E
+# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151
+\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145
+\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124
+\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164
+\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151
+\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050
+\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\010\047
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri
+# Serial Number: 2148 (0x864)
+# Subject: E=ileti@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR
+# Not Valid Before: Mon Aug 08 07:07:51 2011
+# Not Valid After : Thu Aug 05 07:07:51 2021
+# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2
+# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151
+\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145
+\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124
+\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164
+\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151
+\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050
+\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\010\144
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE