[Pidgin] #16835: Root certificate requests

Pidgin trac at pidgin.im
Sat Jun 18 20:03:10 EDT 2016 

#16835: Root certificate requests
---------------------+------------------------
 Reporter:  dx       |       Owner:
     Type:  defect   |      Status:  closed
Milestone:  2.10.13  |   Component:  libpurple
  Version:  2.10.11  |  Resolution:  fixed
 Keywords:           |
---------------------+------------------------
Changes (by dx <dx@…>):

 * status:  new => closed
 * resolution:   => fixed
 * milestone:   => 2.10.13


Comment:

 (In [d37d62d692e4]):[[BR]]
 ca-certs: Add mozilla cert bundle and remove old/redundant certs

 Fixes #16835

 The bundle comes from https://curl.haxx.se/ca/cacert-2016-04-20.pem

 It can be validated by regenerating it with mk-ca-bundle as mentioned in
 https://curl.haxx.se/docs/caextract.html

 Deleted, not in the bundle:

 - Verisign_Class3_Primary_CA.pem
 - VeriSign_Class_3_Primary_CA-G2.pem
     - obsolete roots of verisign, the former has a md2 signature
 - VeriSign_International_Server_Class_3_CA.pem
     - reissued version of intermediate for the md2 signed root above
     - added in 2853720ef300 (2009) for AOL
 - America_Online_Root_Certification_Authority_1.pem
 - AOL_Member_CA.pem
     - both removed from mozilla store as requested by AOL
     - https://bugzilla.mozilla.org/show_bug.cgi?id=1083294
 - Microsoft_Internet_Authority_2010.pem
 - Microsoft_Secure_Server_Authority_2010.pem
     - added in 28e34623a3f5 (2010) for omega.contacts.msn.com
 - Thawte_Premium_Server_CA.pem
     - added in 9fbe6f412d24 (2009) for gmx.net

 Deleted, already in the bundle:

 - VeriSign_Class_3_Primary_CA-G5.pem
 - VeriSign_Class_3_Primary_CA-G5-2.pem
 - AddTrust_External_Root.pem
 - Baltimore_CyberTrust_Root.pem
 - Certum_Root_CA.pem
 - Certum_Trusted_Network_CA.pem
 - Deutsche_Telekom_Root_CA_2.pem
 - DigiCertHighAssuranceEVRootCA.pem
 - Go_Daddy_Class_2_CA.pem
 - StartCom_Certification_Authority.pem
 - Thawte_Primary_Root_CA.pem

 Deleted intermediates with issuer in the bundle:

 - VeriSign_Class3_Extended_Validation_CA.pem
     - added in 605c63e4f04e (2009) for login.live.com
 - DigiCertHighAssuranceCA-3.pem
     - added in 6ec6c9540e46 (2011) for facebook xmpp

 Kept, but not in the bundle:

 - CAcert_Class3.pem
 - CAcert_Root.pem
     - reluctantly
 - Equifax_Secure_CA.pem
 - Equifax_Secure_Global_eBusiness_CA-1.pem
 - Entrust.net_Secure_Server_CA.pem
 - Entrust.net_2048.pem
 - GTE_CyberTrust_Global_Root.pem
 - ValiCert_Class_2_VA.pem
     - these are in some versions of the mozilla store, but not in the
 version
       filtered by curl's script
     - apparently disabled because they are 1024bit
     - https://community.qualys.com/thread/14998
     - https://bugzilla.mozilla.org/show_bug.cgi?id=936304

--
Ticket URL: <https://developer.pidgin.im/ticket/16835#comment:16>
Pidgin <https://pidgin.im>
Pidgin

More information about the Tracker mailing list