DJ Lucas
9291cf9319
make-ca.conf.dist: remove link to aurora
2022-12-27 20:12:26 -06:00
DJ Lucas
5fec9b5317
CS.txt: Update to latestest list of Microsoft certs.
2022-12-27 20:10:32 -06:00
DJ Lucas
6eee45ffc9
CHANGELOG: add missing changelog entries.
2022-12-27 20:07:18 -06:00
DJ Lucas
327c7e9306
make-ca{,.conf.dist}: set nss tree to default source and introduce workaround for p11-kit mishandling of nss-{email,server}-distrust-after values.
2022-12-21 23:10:22 -06:00
DJ Lucas
dac19a3cf1
make-ca: Keep upstream formatting and remove Opnessl data
2022-11-25 11:17:50 -06:00
DJ Lucas
10d6241bd2
make-ca: post-release version bump
2022-11-23 10:55:18 -06:00
DJ Lucas
0b408bda43
Update CHANGELOG
2022-11-23 10:06:27 -06:00
DJ Lucas
1528fdd47c
update-mscertsign.sh: Fix ouput error in script
2022-11-23 10:01:26 -06:00
DJ Lucas
55f8847147
Update CS.txt
...
Fix comment
2022-11-23 09:59:56 -06:00
DJ Lucas
62ce400648
Update CS.txt before release
2022-11-23 09:59:23 -06:00
DJ Lucas
accd6b49fb
Merge pull request #22 from xry111/ship-mozilla-ca-root
...
verify hg.mozilla.org with bundled CA root
2022-11-23 08:31:07 -06:00
Xi Ruoyao
d3562bc2f0
verify hg.mozilla.org with bundled CA root
...
Before this, make-ca does not verify the certificate of hg.mozilla.org
at all. It makes sense as make-ca often runs on systems without trust
anchor. But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.
To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.
2022-01-31 19:07:08 +08:00
DJ Lucas
3093851fdd
Update CHANGELOG
2022-01-10 00:17:38 -06:00
DJ Lucas
76fa47f5d0
Don't install systemd timers on non-systemd
...
Fixes #18
2022-01-10 00:16:47 -06:00
DJ Lucas
a7ceb85300
Update CS.txt (no changes since last release)
2022-01-10 00:12:39 -06:00
DJ Lucas
23daa436c8
Merge pull request #20 from xry111/fix-19
...
make-ca: use --filter=ca-anchors for all stores
2022-01-09 22:56:51 -06:00
Xi Ruoyao
151af87198
make-ca: use --filter=ca-anchors for all stores
...
Fixes #19 .
2022-01-09 00:00:22 +08:00
DJ Lucas
6d1c729972
CHANGELOG: all current updates.
2021-09-16 18:56:59 -05:00
DJ Lucas
92dbb064c5
CS.txt,update-mscertsign.sh: Add update script for CS.txt now that MS has update CCADB.
2021-09-16 18:56:30 -05:00
DJ Lucas
1ff5a0a672
make-ca: Update help text for -i/--mscodesign switch.
2021-09-13 22:05:16 -05:00
DJ Lucas
4ee256bfb9
README,Makefile: move distfiles to /etc/make-ca.
...
Closes #16 .
2021-09-13 22:01:58 -05:00
DJ Lucas
c3620b3636
make-ca: guard overrides on first run.
...
Closes #17 .
2021-09-13 21:50:21 -05:00
DJ Lucas
c22c228e3e
Update README
2021-09-13 21:16:41 -05:00
DJ Lucas
aacfcb6b69
make-ca,CHANGELOG: Post-release version bump.
2021-08-29 23:46:04 -05:00
DJ Lucas
1ba7f4319b
make-ca: bump version.
2021-08-29 23:33:15 -05:00
DJ Lucas
79082f4814
Changelog
2021-08-29 23:32:18 -05:00
DJ Lucas
3eca3a7dba
make-ca: set default for code signing to 0.
2021-08-29 23:31:20 -05:00
DJ Lucas
4bbde9a90b
make-ca: Remove unneeded variable (leftover from testing).
2021-08-09 22:17:29 -05:00
DJ Lucas
b138f67112
make-ca: Backup and restore anchors with PKIX extensions.
2021-08-09 22:14:46 -05:00
DJ Lucas
c2a3d1d837
make-ca: Fix typo.
2021-08-08 22:32:37 -05:00
DJ Lucas
c41b7f3d4b
Makefile,make-ca: Use Microsoft's trust for code signing with -i | --mscodesign.
2021-08-08 11:03:12 -05:00
DJ Lucas
53ac95f8fd
make-ca: remove workarounds and use certdata.txt values first, remove trailing spaces from x509 Subject derived p11label.
2021-08-08 00:26:59 -05:00
DJ Lucas
2c1da33970
make-ca: Special case for poorly named 'NetLock Arany' certs.
2021-08-07 20:16:17 -05:00
DJ Lucas
6e7e5a391c
CHANGELOG: yet another typo.
2021-08-07 20:01:19 -05:00
DJ Lucas
5d764d2756
CHANGELOG: typo
2021-08-07 19:59:16 -05:00
DJ Lucas
3fc0a03bb5
:-) Properly thank miijoost for forcing me to fix all of the issues in get_p11_label().
2021-08-07 19:58:24 -05:00
DJ Lucas
47d1fea7c4
CHANGELOG: clarify changes.
2021-08-07 19:53:35 -05:00
DJ Lucas
94c44961b8
make-ca: Revert change to use p11label for naming anchors.
2021-08-07 19:37:23 -05:00
DJ Lucas
0ea74dd846
make-ca: Additional normalizaton of p11label and fix a few corner cases. Thank you to Michael Joost for brining the issue to my attention.
2021-08-07 19:34:33 -05:00
DJ Lucas
e02c930e6c
make-ca: Fix DESTDIR if using a relative path.
2021-08-07 19:32:18 -05:00
DJ Lucas
51ffa79fa4
Fix help output for -a/--anchordir.
2021-08-07 01:48:22 -05:00
DJ Lucas
c79ee2ff79
make-ca: Handle getopt style short options in get_args().
2021-08-07 00:40:39 -05:00
DJ Lucas
de5bf4a332
CS.txt: Updated code signing list
2021-08-06 23:31:39 -05:00
DJ Lucas
f3913cb756
make-ca: minor text fixups to assiste with man-page output.
2021-08-05 23:56:09 -05:00
DJ Lucas
6938b0f70e
README: change comment.
2021-08-05 23:34:27 -05:00
DJ Lucas
16c01c3249
make-ca: don't copy use -v when instaling cacerts.p12.
2021-08-05 23:28:54 -05:00
DJ Lucas
f7a8c9f2f3
README,include.h2m: Sync documentation and fix typos.
2021-08-05 22:43:41 -05:00
DJ Lucas
8baf93dc22
make-ca: Use p11label value and .p11-kit extension for anchor naming.
2021-08-05 22:31:13 -05:00
DJ Lucas
0faf62233b
copy-trust-modifications: Use X509v3 Key Usage section to determine local trust for anchros added using tust utiltiy.
2021-08-05 22:27:20 -05:00
DJ Lucas
62864a82a5
LICENSE,CHANGELOG: Fix grammar and typos.
2021-08-05 20:48:55 -05:00