Closed
Description
The script mk-ca-bundle.pl
generates a CA bundle from Mozilla NSS's certdata.txt. Recently Mozilla has introduced two new fields. The new fields CKA_NSS_SERVER_DISTRUST_AFTER
and CKA_NSS_EMAIL_DISTRUST_AFTER
encode a date after which the certificates are considered distrusted.
mk-ca-bundle.pl
should not add certs that have CKA_NSS_SERVER_DISTRUST_AFTER
after the current date. The field is either a CK_BBOOL
with value CK_FALSE
or a MULTILINE_OCTAL
that encodes the date as octal string "YYMMDDHHMMSSZ", e.g. \062\060\060\066\061\067\060\060\060\060\060\060\132
== 200617000000Z
== 2020-06-17 00:00:00Z.