…16a4c7c2

…ion 1f84dea6508d

…mlink in Scratchbox

Add a tool and instructions for updating the root CA store
Update the root CA store to match the Mozilla certdata.txt file from the mozilla-central repositiory at revision 64df3815df9c

…ar first. Fixes supl.nokia.com not working

Signed-off-by: Ivaylo Dimitrov <freemangordon@abv.bg>

Added the two wrongly issued intermediate certificates
from TÜRKTRUST

Added the two compromised Malaysian signing certs to the
blacklist.

Added the installing of the blacklist certificate store.
This commit finalizes the blacklisting feature, which
according to preliminary testing appears to work as
intended.

Added explicit blacklisting of compromised or rogue
certificates following the Mozilla model. A new shared
cert domain "blacklist" now contains all blocker certs from
Mozilla's built-in certdata.txt as in changeset 76451:cf1ba8f0dbf7
Sep 02. See Mozilla bug 683261 for further information.
  The downside is that the blacklisted certificates appear
in the settings applet as if they were valid since it shows the
contents of all domains regardless of their type the same way.
This must be fixed in the maemo-security-certificates-applet.

The latest scratchbox toolkit has a bit stricter compiler
than before.

Contains update of the common-ca root CA, including the
removal of the compromised DigiNotar root. Also several
backported fixes from Harmattan.

Fixed a biggish memory leak in iterate_certs
(aegis-certman commit ce648d Oct 27 2010)
Prevent eternal loops with cross-signed certs
(-"- 6200345 and d4357cb Feb 09,10 2011)
Fixed compiler errors with newer OpenSSL
(-"- 9d61d27 Feb 02 2011)
Don't return error when reading a private kea with cmcli
(-"- 048f84c Jan 18 2011)

Backported fix for NB#223086 from Harmattan. Verisign has
issued two different versions of two of their roots (public
key fingerprints 00d85a4c25c12... and f3a27298eeb81...) that
use the same public keys. This fix is needed to have both
versions in the common-ca.

Most importantly removed the compromised DigiNotar CA.
Also removed expired roots and add the new roots from
the Mozilla set.

Forgot that in Fremantle the index file has to be updated
manually. This version is now tested in my N900.

Updated the common-ca equal to security/nss/lib/ckfw/builtins/certdata.txt
version 1.62.2.6 (changeset 58967:0f28e112a6b6)
from hg.mozilla.org/mozilla-central/.

a crash if not all certificates can be fetched from the store.
This can be caused by a broken store or similar causes. This fixes
MB#10423.

also to "-i" when using "-e".

certificates to stdout.

if all other fields are missing.

debug output.

security/nss/lib/ckfw/builtins/certdata.txt fetched from
hg.mozilla.org's trunk 2009-12-08.

directory.