Skip to content

Support CKA_NSS_SERVER_DISTRUST_AFTER in mk-ca-bundle.pl #4834

Closed
sthagen/curl-curl
#58
@tiran

Description

@tiran

The script mk-ca-bundle.pl generates a CA bundle from Mozilla NSS's certdata.txt. Recently Mozilla has introduced two new fields. The new fields CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER encode a date after which the certificates are considered distrusted.

mk-ca-bundle.pl should not add certs that have CKA_NSS_SERVER_DISTRUST_AFTER after the current date. The field is either a CK_BBOOL with value CK_FALSE or a MULTILINE_OCTAL that encodes the date as octal string "YYMMDDHHMMSSZ", e.g. \062\060\060\066\061\067\060\060\060\060\060\060\132 == 200617000000Z == 2020-06-17 00:00:00Z.

https://bugzilla.mozilla.org/show_bug.cgi?id=1465613

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions