diff --git a/patches/node/.patches b/patches/node/.patches index 52c1e33e7dd60..5df0265a78c5b 100644 --- a/patches/node/.patches +++ b/patches/node/.patches @@ -46,3 +46,7 @@ http2_implement_support_for_max_settings_entries.patch deps_update_nghttp2_to_1_40_0.patch deps_update_nghttp2_to_1_41_0.patch napi_fix_memory_corruption_vulnerability.patch +tools_update_certdata_txt_to_nss_3_47.patch +crypto_update_root_certificates_to_nss_3_47.patch +tools_update_certdata_txt_to_nss_3_53.patch +crypto_update_root_certificates_to_nss_3_53.patch diff --git a/patches/node/crypto_update_root_certificates_to_nss_3_47.patch b/patches/node/crypto_update_root_certificates_to_nss_3_47.patch new file mode 100644 index 0000000000000..a08e4c524fdaa --- /dev/null +++ b/patches/node/crypto_update_root_certificates_to_nss_3_47.patch @@ -0,0 +1,83 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: AshCripps +Date: Thu, 31 Oct 2019 11:15:07 +0000 +Subject: crypto: update root certificates to NSS 3.47 + +Update the list of root certificates in src/node_root_certs.h with +tools/mk-ca-bundle.pl. + +Certificates added: + +Certificates removed: +- Certplus Class 2 Primary CA +- Deutsche Telekom Root CA 2 + +PR-URL: https://github.com/nodejs/node/pull/30195 +Reviewed-By: Sam Roberts +Reviewed-By: David Carlier +Reviewed-By: Beth Griggs +Reviewed-By: Ben Noordhuis +Reviewed-By: Colin Ihrig +Reviewed-By: Franziska Hinkelmann + +diff --git a/src/node_root_certs.h b/src/node_root_certs.h +index a5032d645202fde30c3e9076e842b7644ec6e48a..bc08910c77ad4c9d1121614aa9b97eed0433175c 100644 +--- a/src/node_root_certs.h ++++ b/src/node_root_certs.h +@@ -574,27 +574,6 @@ + "yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K\n" + "-----END CERTIFICATE-----", + +-/* Certplus Class 2 Primary CA */ +-"-----BEGIN CERTIFICATE-----\n" +-"MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkG\n" +-"A1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkg\n" +-"Q0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8G\n" +-"A1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZI\n" +-"hvcNAQEBBQADggEPADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxv\n" +-"c0NXYKwzCkTsA18cgCSR5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLR\n" +-"YE2+L0ER4/YXJQyLkcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v\n" +-"0lPubNCdEgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas\n" +-"H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC\n" +-"40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNV\n" +-"HQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQw\n" +-"MC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29tL0NSTC9jbGFzczIuY3JsMA0GCSqG\n" +-"SIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5t\n" +-"n9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabg\n" +-"lZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW\n" +-"2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB\n" +-"kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7l7+ijrRU\n" +-"-----END CERTIFICATE-----", +- + /* DST Root CA X3 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYD\n" +@@ -904,28 +883,6 @@ + "vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==\n" + "-----END CERTIFICATE-----", + +-/* Deutsche Telekom Root CA 2 */ +-"-----BEGIN CERTIFICATE-----\n" +-"MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UE\n" +-"ChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRl\n" +-"cjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAw\n" +-"WhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVs\n" +-"ZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1\n" +-"dHNjaGUgVGVsZWtvbSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" +-"AQCrC6M14IspFLEUha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1c\n" +-"Os7TuKhCQN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr\n" +-"rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1\n" +-"Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFh\n" +-"mHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0G\n" +-"A1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB\n" +-"/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f7\n" +-"6Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSY\n" +-"SKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juw\n" +-"zTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+\n" +-"xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mUCm26OWMo\n" +-"hpLzGITY+9HPBVZkVw==\n" +-"-----END CERTIFICATE-----", +- + /* Cybertrust Global Root */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMP\n" diff --git a/patches/node/crypto_update_root_certificates_to_nss_3_53.patch b/patches/node/crypto_update_root_certificates_to_nss_3_53.patch new file mode 100644 index 0000000000000..32897368fb31c --- /dev/null +++ b/patches/node/crypto_update_root_certificates_to_nss_3_53.patch @@ -0,0 +1,65 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: AshCripps +Date: Mon, 1 Jun 2020 13:34:20 +0100 +Subject: crypto: update root certificates to NSS 3.53 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Update the list of root certificates in src/node_root_certs.h with +tools/mk-ca-bundle.pl. + +Certificates added: +Entrust Root Certification Authority - G4 + +Certificates removed: + +PR-URL: https://github.com/nodejs/node/pull/33682 +Reviewed-By: James M Snell +Reviewed-By: Sam Roberts +Reviewed-By: Beth Griggs +Reviewed-By: Juan José Arboleda + +diff --git a/src/node_root_certs.h b/src/node_root_certs.h +index bc08910c77ad4c9d1121614aa9b97eed0433175c..f8e84e7d231e33736a798c2fd344566df2d2c6a6 100644 +--- a/src/node_root_certs.h ++++ b/src/node_root_certs.h +@@ -3421,4 +3421,38 @@ + "qp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7\n" + "UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEGmpv0\n" + "-----END CERTIFICATE-----", ++ ++/* Entrust Root Certification Authority - G4 */ ++"-----BEGIN CERTIFICATE-----\n" ++"MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJ\n" ++"BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVu\n" ++"dHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMu\n" ++"IC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0\n" ++"aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDEx\n" ++"Nlowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9T\n" ++"ZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRy\n" ++"dXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg\n" ++"Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOC\n" ++"Ag8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJT\n" ++"meH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3ET+iq4qA7ec2/a0My3dl0ELn3\n" ++"9GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1\n" ++"NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc\n" ++"0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh64\n" ++"3IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmO\n" ++"eX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm\n" ++"nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8dWbrAuMI\n" ++"NClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mWHv0l\n" ++"iqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T\n" ++"AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6\n" ++"sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ\n" ++"9POrYs4QjbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5\n" ++"ZDIBf9PD3Vht7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0g\n" ++"kLpHZPt/B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI\n" ++"AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS\n" ++"02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m\n" ++"9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLl\n" ++"YsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuI\n" ++"jnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh\n" ++"7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==\n" ++"-----END CERTIFICATE-----", + #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS diff --git a/patches/node/tools_update_certdata_txt_to_nss_3_47.patch b/patches/node/tools_update_certdata_txt_to_nss_3_47.patch new file mode 100644 index 0000000000000..9d30091186c91 --- /dev/null +++ b/patches/node/tools_update_certdata_txt_to_nss_3_47.patch @@ -0,0 +1,2045 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: AshCripps +Date: Thu, 31 Oct 2019 11:13:12 +0000 +Subject: tools: update certdata.txt to NSS 3.47 + +This is the certdata.txt[0] from NSS 3.47, released on 2019-10-21. + +This is the version of NSS that will ship in Firefox 71 on +2019-12-10. + +[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_47_RTM/lib/ckfw/builtins/certdata.txt + +PR-URL: https://github.com/nodejs/node/pull/30195 +Reviewed-By: Sam Roberts +Reviewed-By: David Carlier +Reviewed-By: Beth Griggs +Reviewed-By: Ben Noordhuis +Reviewed-By: Colin Ihrig +Reviewed-By: Franziska Hinkelmann + +diff --git a/tools/certdata.txt b/tools/certdata.txt +index 3466f6ee40ed90ef810ceadc37be35f08a5134a5..3a44db293df268fd3f183f5a297a368ac51d975d 100644 +--- a/tools/certdata.txt ++++ b/tools/certdata.txt +@@ -13,19 +13,21 @@ + # + # Certificates + # +-# -- Attribute -- -- type -- -- value -- +-# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-# CKA_TOKEN CK_BBOOL CK_TRUE +-# CKA_PRIVATE CK_BBOOL CK_FALSE +-# CKA_MODIFIABLE CK_BBOOL CK_FALSE +-# CKA_LABEL UTF8 (varies) +-# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-# CKA_SUBJECT DER+base64 (varies) +-# CKA_ID byte array (varies) +-# CKA_ISSUER DER+base64 (varies) +-# CKA_SERIAL_NUMBER DER+base64 (varies) +-# CKA_VALUE DER+base64 (varies) +-# CKA_NSS_EMAIL ASCII7 (unused here) ++# -- Attribute -- -- type -- -- value -- ++# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++# CKA_TOKEN CK_BBOOL CK_TRUE ++# CKA_PRIVATE CK_BBOOL CK_FALSE ++# CKA_MODIFIABLE CK_BBOOL CK_FALSE ++# CKA_LABEL UTF8 (varies) ++# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++# CKA_SUBJECT DER+base64 (varies) ++# CKA_ID byte array (varies) ++# CKA_ISSUER DER+base64 (varies) ++# CKA_SERIAL_NUMBER DER+base64 (varies) ++# CKA_VALUE DER+base64 (varies) ++# CKA_NSS_EMAIL ASCII7 (unused here) ++# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) ++# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) + # + # Trust + # +@@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL + \125\342\374\110\311\051\046\151\340 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GlobalSign Root CA" + # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE +@@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL + \152\374\176\102\070\100\144\022\367\236\201\341\223\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GlobalSign Root CA - R2" + # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 +@@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL + \113\336\006\226\161\054\362\333\266\037\244\357\077\356 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" + # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL + \311\130\020\371\252\357\132\266\317\113\113\337\052 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" + # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL + \153\271\012\172\116\117\113\204\356\113\361\175\335\021 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" + # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL + \174\136\232\166\351\131\220\305\174\203\065\021\145\121 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Entrust.net Premium 2048 Secure Server CA" + # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net +@@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL + \347\201\035\031\303\044\102\352\143\071\251 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Baltimore CyberTrust Root" + # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE +@@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL + \065\341\035\026\034\320\274\053\216\326\161\331 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AddTrust Low-Value Services Root" + # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE +@@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL + \027\132\173\320\274\307\217\116\206\004 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AddTrust External Root" + # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE +@@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL + \036\177\132\264\074 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Entrust Root Certification Authority" + # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US +@@ -1788,6 +1810,8 @@ CKA_VALUE MULTILINE_OCTAL + \302\005\146\200\241\313\346\063 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Global CA" + # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US +@@ -1948,6 +1972,8 @@ CKA_VALUE MULTILINE_OCTAL + \244\346\216\330\371\051\110\212\316\163\376\054 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Universal CA" + # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US +@@ -2108,6 +2134,8 @@ CKA_VALUE MULTILINE_OCTAL + \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Universal CA 2" + # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US +@@ -2228,6 +2256,8 @@ CKA_VALUE MULTILINE_OCTAL + \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Certum Root CA" + # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL +@@ -2374,6 +2404,8 @@ CKA_VALUE MULTILINE_OCTAL + \225\351\066\226\230\156 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Comodo AAA Services root" + # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB +@@ -2552,6 +2584,8 @@ CKA_VALUE MULTILINE_OCTAL + \112\164\066\371 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "QuoVadis Root CA" + # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM +@@ -2721,6 +2755,8 @@ CKA_VALUE MULTILINE_OCTAL + \020\005\145\325\202\020\352\302\061\315\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "QuoVadis Root CA 2" + # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM +@@ -2901,6 +2937,8 @@ CKA_VALUE MULTILINE_OCTAL + \332 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "QuoVadis Root CA 3" + # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM +@@ -3030,6 +3068,8 @@ CKA_VALUE MULTILINE_OCTAL + \057\317\246\356\311\160\042\024\275\375\276\154\013\003 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Security Communication Root CA" + # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP +@@ -3153,6 +3193,8 @@ CKA_VALUE MULTILINE_OCTAL + \160\254\337\114 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Sonera Class 2 Root CA" + # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI +@@ -3188,177 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# +-# Certificate "UTN USERFirst Email Root CA" +-# +-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US +-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 +-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US +-# Not Valid Before: Fri Jul 09 17:28:50 1999 +-# Not Valid After : Tue Jul 09 17:36:58 2019 +-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 +-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "UTN USERFirst Email Root CA" +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-CKA_SUBJECT MULTILINE_OCTAL +-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 +-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 +-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 +-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 +-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 +-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 +-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 +-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 +-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 +-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 +-\154 +-END +-CKA_ID UTF8 "0" +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 +-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 +-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 +-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 +-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 +-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 +-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 +-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 +-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 +-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 +-\154 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 +-\311\211 +-END +-CKA_VALUE MULTILINE_OCTAL +-\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104 +-\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060 +-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 +-\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 +-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 +-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 +-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 +-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 +-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 +-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 +-\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003 +-\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055 +-\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143 +-\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060 +-\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132 +-\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060 +-\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025 +-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145 +-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025 +-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145 +-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030 +-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164 +-\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004 +-\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164 +-\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151 +-\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154 +-\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 +-\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 +-\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301 +-\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230 +-\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322 +-\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275 +-\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362 +-\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240 +-\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245 +-\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147 +-\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013 +-\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346 +-\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274 +-\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327 +-\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214 +-\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323 +-\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370 +-\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054 +-\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003 +-\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023 +-\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +-\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264 +-\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037 +-\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160 +-\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164 +-\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162 +-\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164 +-\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056 +-\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010 +-\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007 +-\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005 +-\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112 +-\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356 +-\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040 +-\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126 +-\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264 +-\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327 +-\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057 +-\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320 +-\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233 +-\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003 +-\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246 +-\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254 +-\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174 +-\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044 +-\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266 +-\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303 +-\005\323\312\003\112\124 +-END +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +- +-# Trust for Certificate "UTN USERFirst Email Root CA" +-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US +-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 +-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US +-# Not Valid Before: Fri Jul 09 17:28:50 1999 +-# Not Valid After : Tue Jul 09 17:36:58 2019 +-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 +-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "UTN USERFirst Email Root CA" +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL +-\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152 +-\104\143\166\212 +-END +-CKA_CERT_MD5_HASH MULTILINE_OCTAL +-\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367 +-END +-CKA_ISSUER MULTILINE_OCTAL +-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 +-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 +-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 +-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 +-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 +-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 +-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 +-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 +-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 +-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 +-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 +-\154 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 +-\311\211 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "Camerfirma Chambers of Commerce Root" + # +@@ -3481,6 +3352,8 @@ CKA_VALUE MULTILINE_OCTAL + \334 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Camerfirma Chambers of Commerce Root" + # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU +@@ -3641,6 +3514,8 @@ CKA_VALUE MULTILINE_OCTAL + \166\135\165\220\032\365\046\217\360 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Camerfirma Global Chambersign Root" + # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU +@@ -3794,6 +3669,8 @@ CKA_VALUE MULTILINE_OCTAL + \264\003\045\274 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "XRamp Global CA Root" + # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US +@@ -3941,6 +3818,8 @@ CKA_VALUE MULTILINE_OCTAL + \177\333\275\237 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Go Daddy Class 2 CA" + # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US +@@ -4086,6 +3965,8 @@ CKA_VALUE MULTILINE_OCTAL + \037\027\224 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Starfield Class 2 CA" + # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US +@@ -4250,6 +4131,8 @@ CKA_VALUE MULTILINE_OCTAL + \245\206\054\174\364\022 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Taiwan GRCA" + # Issuer: O=Government Root Certification Authority,C=TW +@@ -4389,6 +4272,8 @@ CKA_VALUE MULTILINE_OCTAL + \346\120\262\247\372\012\105\057\242\360\362 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "DigiCert Assured ID Root CA" + # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -4530,6 +4415,8 @@ CKA_VALUE MULTILINE_OCTAL + \225\155\336 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "DigiCert Global Root CA" + # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -4672,6 +4559,8 @@ CKA_VALUE MULTILINE_OCTAL + \370\351\056\023\243\167\350\037\112 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "DigiCert High Assurance EV Root CA" + # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -4711,136 +4600,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# +-# Certificate "Certplus Class 2 Primary CA" +-# +-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR +-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 +-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR +-# Not Valid Before: Wed Jul 07 17:05:00 1999 +-# Not Valid After : Sat Jul 06 23:59:59 2019 +-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B +-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Certplus Class 2 Primary CA" +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-CKA_SUBJECT MULTILINE_OCTAL +-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 +-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 +-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 +-END +-CKA_ID UTF8 "0" +-CKA_ISSUER MULTILINE_OCTAL +-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 +-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 +-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 +-\245\104\043 +-END +-CKA_VALUE MULTILINE_OCTAL +-\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 +-\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 +-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +-\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 +-\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 +-\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 +-\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 +-\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 +-\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 +-\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 +-\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 +-\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 +-\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 +-\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 +-\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 +-\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 +-\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 +-\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 +-\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 +-\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 +-\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 +-\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 +-\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 +-\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 +-\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 +-\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 +-\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 +-\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 +-\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 +-\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 +-\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 +-\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 +-\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 +-\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 +-\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 +-\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 +-\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 +-\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 +-\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 +-\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 +-\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 +-\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 +-\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 +-\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 +-\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 +-\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 +-\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 +-\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 +-\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 +-\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 +-\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 +-\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 +-\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 +-\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 +-\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 +-\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 +-\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 +-\227\277\242\216\264\124 +-END +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +- +-# Trust for Certificate "Certplus Class 2 Primary CA" +-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR +-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 +-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR +-# Not Valid Before: Wed Jul 07 17:05:00 1999 +-# Not Valid After : Sat Jul 06 23:59:59 2019 +-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B +-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Certplus Class 2 Primary CA" +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL +-\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 +-\201\222\342\273 +-END +-CKA_CERT_MD5_HASH MULTILINE_OCTAL +-\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 +-END +-CKA_ISSUER MULTILINE_OCTAL +-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 +-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 +-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 +-\245\104\043 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "DST Root CA X3" + # +@@ -4932,6 +4691,8 @@ CKA_VALUE MULTILINE_OCTAL + \013\004\216\007\333\051\266\012\356\235\202\065\065\020 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "DST Root CA X3" + # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. +@@ -5099,6 +4860,8 @@ CKA_VALUE MULTILINE_OCTAL + \205\206\171\145\322 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "SwissSign Platinum CA - G2" + # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH +@@ -5264,6 +5027,8 @@ CKA_VALUE MULTILINE_OCTAL + \111\044\133\311\260\320\127\301\372\076\172\341\227\311 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "SwissSign Gold CA - G2" + # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH +@@ -5430,6 +5195,8 @@ CKA_VALUE MULTILINE_OCTAL + \156 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "SwissSign Silver CA - G2" + # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH +@@ -5562,6 +5329,8 @@ CKA_VALUE MULTILINE_OCTAL + \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority" + # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US +@@ -5717,6 +5486,8 @@ CKA_VALUE MULTILINE_OCTAL + \215\126\214\150 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA" + # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +@@ -5892,6 +5663,8 @@ CKA_VALUE MULTILINE_OCTAL + \254\021\326\250\355\143\152 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" + # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -6035,6 +5808,8 @@ CKA_VALUE MULTILINE_OCTAL + \113\035\236\054\302\270\150\274\355\002\356\061 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "SecureTrust CA" + # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US +@@ -6170,6 +5945,8 @@ CKA_VALUE MULTILINE_OCTAL + \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Secure Global CA" + # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US +@@ -6320,6 +6097,8 @@ CKA_VALUE MULTILINE_OCTAL + \145 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "COMODO Certification Authority" + # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB +@@ -6466,6 +6245,8 @@ CKA_VALUE MULTILINE_OCTAL + \244\140\114\260\125\240\240\173\127\262 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Network Solutions Certificate Authority" + # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US +@@ -6592,6 +6373,8 @@ CKA_VALUE MULTILINE_OCTAL + \334\335\363\377\035\054\072\026\127\331\222\071\326 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "COMODO ECC Certification Authority" + # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB +@@ -6743,6 +6526,8 @@ CKA_VALUE MULTILINE_OCTAL + \374\276\337\012\015 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "OISTE WISeKey Global Root GA CA" + # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH +@@ -6878,6 +6663,8 @@ CKA_VALUE MULTILINE_OCTAL + \300\226\130\057\352\273\106\327\273\344\331\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Certigna" + # Issuer: CN=Certigna,O=Dhimyotis,C=FR +@@ -6913,147 +6700,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# +-# Certificate "Deutsche Telekom Root CA 2" +-# +-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE +-# Serial Number: 38 (0x26) +-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE +-# Not Valid Before: Fri Jul 09 12:11:00 1999 +-# Not Valid After : Tue Jul 09 23:59:00 2019 +-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 +-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-CKA_SUBJECT MULTILINE_OCTAL +-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 +-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 +-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 +-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 +-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 +-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 +-\101\040\062 +-END +-CKA_ID UTF8 "0" +-CKA_ISSUER MULTILINE_OCTAL +-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 +-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 +-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 +-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 +-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 +-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 +-\101\040\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\001\046 +-END +-CKA_VALUE MULTILINE_OCTAL +-\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 +-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +-\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 +-\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 +-\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 +-\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 +-\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 +-\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 +-\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 +-\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 +-\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 +-\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 +-\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 +-\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 +-\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 +-\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 +-\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 +-\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 +-\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 +-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 +-\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 +-\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 +-\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 +-\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 +-\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 +-\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 +-\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 +-\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 +-\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 +-\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 +-\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 +-\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 +-\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 +-\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 +-\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 +-\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 +-\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 +-\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 +-\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 +-\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 +-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 +-\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 +-\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 +-\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 +-\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 +-\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 +-\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 +-\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 +-\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 +-\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 +-\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 +-\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 +-\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 +-\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 +-\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 +-\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 +-\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 +-\126\144\127 +-END +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +- +-# Trust for Certificate "Deutsche Telekom Root CA 2" +-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE +-# Serial Number: 38 (0x26) +-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE +-# Not Valid Before: Fri Jul 09 12:11:00 1999 +-# Not Valid After : Tue Jul 09 23:59:00 2019 +-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 +-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL +-\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 +-\214\336\067\277 +-END +-CKA_CERT_MD5_HASH MULTILINE_OCTAL +-\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 +-END +-CKA_ISSUER MULTILINE_OCTAL +-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 +-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 +-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 +-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 +-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 +-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 +-\101\040\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\001\046 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "Cybertrust Global Root" + # +@@ -7148,6 +6794,8 @@ CKA_VALUE MULTILINE_OCTAL + \246\210\070\316\125 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Cybertrust Global Root" + # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" +@@ -7315,6 +6963,8 @@ CKA_VALUE MULTILINE_OCTAL + \201\370\021\234 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "ePKI Root Certification Authority" + # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW +@@ -7440,6 +7090,8 @@ CKA_VALUE MULTILINE_OCTAL + \366\356\260\132\116\111\104\124\130\137\102\203 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "certSIGN ROOT CA" + # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO +@@ -7588,6 +7240,8 @@ CKA_VALUE MULTILINE_OCTAL + \021\055 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority - G3" + # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +@@ -7717,6 +7371,8 @@ CKA_VALUE MULTILINE_OCTAL + \367\130\077\056\162\002\127\243\217\241\024\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA - G2" + # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US +@@ -7877,6 +7533,8 @@ CKA_VALUE MULTILINE_OCTAL + \061\324\100\032\142\064\066\077\065\001\256\254\143\240 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA - G3" + # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US +@@ -8013,6 +7671,8 @@ CKA_VALUE MULTILINE_OCTAL + \017\212 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority - G2" + # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US +@@ -8183,6 +7843,8 @@ CKA_VALUE MULTILINE_OCTAL + \354\315\202\141\361\070\346\117\227\230\052\132\215 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Universal Root Certification Authority" + # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -8338,6 +8000,8 @@ CKA_VALUE MULTILINE_OCTAL + \055\247\330\206\052\335\056\020 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" + # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +@@ -8498,6 +8162,8 @@ CKA_VALUE MULTILINE_OCTAL + \330\316\304\143\165\077\131\107\261 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány" + # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU +@@ -8672,6 +8338,8 @@ CKA_VALUE MULTILINE_OCTAL + \370\161\012\334\271\374\175\062\140\346\353\257\212\001 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Staat der Nederlanden Root CA - G2" + # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL +@@ -8798,6 +8466,8 @@ CKA_VALUE MULTILINE_OCTAL + \002\153\331\132 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Hongkong Post Root CA 1" + # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK +@@ -8929,6 +8599,8 @@ CKA_VALUE MULTILINE_OCTAL + \362 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "SecureSign RootCA11" + # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP +@@ -9076,6 +8748,8 @@ CKA_VALUE MULTILINE_OCTAL + \202\042\055\172\124\253\160\303\175\042\145\202\160\226 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Microsec e-Szigno Root CA 2009" + # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +@@ -9208,6 +8882,8 @@ CKA_VALUE MULTILINE_OCTAL + \130\077\137 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GlobalSign Root CA - R3" + # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 +@@ -9381,6 +9057,8 @@ CKA_VALUE MULTILINE_OCTAL + \156\117\022\176\012\074\235\225 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" + # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES +@@ -9550,6 +9228,8 @@ CKA_VALUE MULTILINE_OCTAL + \333\374\046\210\307 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Izenpe.com" + # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES +@@ -9755,6 +9435,8 @@ CKA_VALUE MULTILINE_OCTAL + \167\110\320 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Chambers of Commerce Root - 2008" + # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +@@ -9964,6 +9646,8 @@ CKA_VALUE MULTILINE_OCTAL + \351\233\256\325\124\300\164\200\321\013\102\237\301 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Global Chambersign Root - 2008" + # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU +@@ -10112,6 +9796,8 @@ CKA_VALUE MULTILINE_OCTAL + \342\342\104\276\134\367\352\034\365 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Go Daddy Root Certificate Authority - G2" + # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US +@@ -10262,6 +9948,8 @@ CKA_VALUE MULTILINE_OCTAL + \364 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Starfield Root Certificate Authority - G2" + # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US +@@ -10414,6 +10102,8 @@ CKA_VALUE MULTILINE_OCTAL + \261\050\272 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Starfield Services Root Certificate Authority - G2" + # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US +@@ -10545,6 +10235,8 @@ CKA_VALUE MULTILINE_OCTAL + \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AffirmTrust Commercial" + # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US +@@ -10671,6 +10363,8 @@ CKA_VALUE MULTILINE_OCTAL + \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AffirmTrust Networking" + # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US +@@ -10829,6 +10523,8 @@ CKA_VALUE MULTILINE_OCTAL + \051\340\266\270\011\150\031\034\030\103 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AffirmTrust Premium" + # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US +@@ -10935,6 +10631,8 @@ CKA_VALUE MULTILINE_OCTAL + \214\171 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "AffirmTrust Premium ECC" + # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US +@@ -11074,6 +10772,8 @@ CKA_VALUE MULTILINE_OCTAL + \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Certum Trusted Network CA" + # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +@@ -11210,6 +10910,8 @@ CKA_VALUE MULTILINE_OCTAL + \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "TWCA Root Certification Authority" + # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW +@@ -11693,6 +11395,8 @@ CKA_VALUE MULTILINE_OCTAL + \201\050\174\247\175\047\353\000\256\215\067 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Security Communication RootCA2" + # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP +@@ -11876,6 +11580,8 @@ CKA_VALUE MULTILINE_OCTAL + \371\210\075\176\270\157\156\003\344\102 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "EC-ACC" + # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES +@@ -12039,6 +11745,8 @@ CKA_VALUE MULTILINE_OCTAL + \113\321\047\327\270 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" + # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR +@@ -12275,6 +11983,8 @@ CKA_VALUE MULTILINE_OCTAL + \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Actalis Authentication Root CA" + # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT +@@ -12406,6 +12116,8 @@ CKA_VALUE MULTILINE_OCTAL + \145\353\127\331\363\127\226\273\110\315\201 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Trustis FPS Root CA" + # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB +@@ -12566,6 +12278,8 @@ CKA_VALUE MULTILINE_OCTAL + \327\201\011\361\311\307\046\015\254\230\026\126\240 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Buypass Class 2 Root CA" + # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO +@@ -12725,6 +12439,8 @@ CKA_VALUE MULTILINE_OCTAL + \061\356\006\274\163\277\023\142\012\237\307\271\227 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Buypass Class 3 Root CA" + # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO +@@ -12867,6 +12583,8 @@ CKA_VALUE MULTILINE_OCTAL + \116\223\303\244\124\024\133 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "T-TeleSec GlobalRoot Class 3" + # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +@@ -13016,6 +12734,8 @@ CKA_VALUE MULTILINE_OCTAL + \307\314\165\301\226\305\235 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "EE Certification Centre Root CA" + # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE +@@ -13229,6 +12949,8 @@ CKA_VALUE MULTILINE_OCTAL + \164\145\327\134\376\243\342 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "D-TRUST Root Class 3 CA 2 2009" + # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE +@@ -13373,6 +13095,8 @@ CKA_VALUE MULTILINE_OCTAL + \352\237\026\361\054\124\265 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "D-TRUST Root Class 3 CA 2 EV 2009" + # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE +@@ -13410,181 +13134,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +-# +-# Certificate "Swisscom Root CA 2" +-# +-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch +-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 +-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch +-# Not Valid Before: Fri Jun 24 08:38:14 2011 +-# Not Valid After : Wed Jun 25 07:38:14 2031 +-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 +-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Swisscom Root CA 2" +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +-CKA_SUBJECT MULTILINE_OCTAL +-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 +-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 +-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 +-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 +-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 +-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 +-\164\040\103\101\040\062 +-END +-CKA_ID UTF8 "0" +-CKA_ISSUER MULTILINE_OCTAL +-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 +-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 +-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 +-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 +-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 +-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 +-\164\040\103\101\040\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 +-\147\266 +-END +-CKA_VALUE MULTILINE_OCTAL +-\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036 +-\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060 +-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144 +-\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060 +-\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155 +-\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164 +-\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123 +-\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003 +-\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040 +-\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070 +-\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063 +-\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023 +-\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167 +-\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023 +-\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151 +-\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060 +-\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155 +-\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015 +-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 +-\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235 +-\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053 +-\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100 +-\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030 +-\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253 +-\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312 +-\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226 +-\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137 +-\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225 +-\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333 +-\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117 +-\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370 +-\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052 +-\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205 +-\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001 +-\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266 +-\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300 +-\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140 +-\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377 +-\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113 +-\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071 +-\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156 +-\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364 +-\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062 +-\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216 +-\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013 +-\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026 +-\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215 +-\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141 +-\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337 +-\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374 +-\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020 +-\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001 +-\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377 +-\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060 +-\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205 +-\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004 +-\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016 +-\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157 +-\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004 +-\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241 +-\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110 +-\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262 +-\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021 +-\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023 +-\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312 +-\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357 +-\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175 +-\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036 +-\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110 +-\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303 +-\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013 +-\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161 +-\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164 +-\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272 +-\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357 +-\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257 +-\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131 +-\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023 +-\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042 +-\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273 +-\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147 +-\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230 +-\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125 +-\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126 +-\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005 +-\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320 +-\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215 +-\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114 +-\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164 +-\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166 +-\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335 +-\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224 +-\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071 +-\301\053\022\236\246\236\033\305\346\016\331\061\331 +-END +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +- +-# Trust for "Swisscom Root CA 2" +-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch +-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 +-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch +-# Not Valid Before: Fri Jun 24 08:38:14 2011 +-# Not Valid After : Wed Jun 25 07:38:14 2031 +-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 +-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +-CKA_TOKEN CK_BBOOL CK_TRUE +-CKA_PRIVATE CK_BBOOL CK_FALSE +-CKA_MODIFIABLE CK_BBOOL CK_FALSE +-CKA_LABEL UTF8 "Swisscom Root CA 2" +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL +-\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225 +-\112\212\101\354 +-END +-CKA_CERT_MD5_HASH MULTILINE_OCTAL +-\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031 +-END +-CKA_ISSUER MULTILINE_OCTAL +-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 +-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 +-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 +-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 +-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 +-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 +-\164\040\103\101\040\062 +-END +-CKA_SERIAL_NUMBER MULTILINE_OCTAL +-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 +-\147\266 +-END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +- + # + # Certificate "CA Disig Root R2" + # +@@ -13711,6 +13260,8 @@ CKA_VALUE MULTILINE_OCTAL + \363\154\033\165\106\243\345\112\027\351\244\327\013 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "CA Disig Root R2" + # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK +@@ -13911,6 +13462,8 @@ CKA_VALUE MULTILINE_OCTAL + \125\064\106\052\213\206\073 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "ACCVRAIZ1" + # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 +@@ -14071,6 +13624,8 @@ CKA_VALUE MULTILINE_OCTAL + \053\006\320\004\315 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TWCA Global Root CA" + # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +@@ -14228,6 +13783,8 @@ CKA_VALUE MULTILINE_OCTAL + \245\240\314\277\323\366\165\244\165\226\155\126 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TeliaSonera Root CA v1" + # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera +@@ -14416,6 +13973,8 @@ CKA_VALUE MULTILINE_OCTAL + \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "E-Tugra Certification Authority" + # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR +@@ -14565,6 +14124,8 @@ CKA_VALUE MULTILINE_OCTAL + \005\047\216\023\241\156\302 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "T-TeleSec GlobalRoot Class 2" + # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +@@ -14696,6 +14257,8 @@ CKA_VALUE MULTILINE_OCTAL + \035\362\376\011\021\260\360\207\173\247\235 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Atos TrustedRoot 2011" + # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 +@@ -14856,6 +14419,8 @@ CKA_VALUE MULTILINE_OCTAL + \063\140\345\303 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "QuoVadis Root CA 1 G3" + # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM +@@ -15018,6 +14583,8 @@ CKA_VALUE MULTILINE_OCTAL + \203\336\177\214 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "QuoVadis Root CA 2 G3" + # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM +@@ -15180,6 +14747,8 @@ CKA_VALUE MULTILINE_OCTAL + \130\371\230\364 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "QuoVadis Root CA 3 G3" + # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM +@@ -15317,6 +14886,8 @@ CKA_VALUE MULTILINE_OCTAL + \042\023\163\154\317\046\365\212\051\347 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "DigiCert Assured ID Root G2" + # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -15435,6 +15006,8 @@ CKA_VALUE MULTILINE_OCTAL + \352\226\143\152\145\105\222\225\001\264 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "DigiCert Assured ID Root G3" + # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -15574,6 +15147,8 @@ CKA_VALUE MULTILINE_OCTAL + \062\266 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "DigiCert Global Root G2" + # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -15692,6 +15267,8 @@ CKA_VALUE MULTILINE_OCTAL + \263\047\027 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "DigiCert Global Root G3" + # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -15863,6 +15440,8 @@ CKA_VALUE MULTILINE_OCTAL + \317\363\146\176 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "DigiCert Trusted Root G4" + # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US +@@ -16042,6 +15621,8 @@ CKA_VALUE MULTILINE_OCTAL + \065\123\205\006\112\135\237\255\273\033\137\164 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "COMODO RSA Certification Authority" + # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB +@@ -16224,6 +15805,8 @@ CKA_VALUE MULTILINE_OCTAL + \250\375 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "USERTrust RSA Certification Authority" + # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US +@@ -16353,6 +15936,8 @@ CKA_VALUE MULTILINE_OCTAL + \127\152\030 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "USERTrust ECC Certification Authority" + # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US +@@ -16465,6 +16050,8 @@ CKA_VALUE MULTILINE_OCTAL + \173\013\370\237\204 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GlobalSign ECC Root CA - R4" + # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 +@@ -16578,6 +16165,8 @@ CKA_VALUE MULTILINE_OCTAL + \220\067 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GlobalSign ECC Root CA - R5" + # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 +@@ -16743,6 +16332,8 @@ CKA_VALUE MULTILINE_OCTAL + \367\200\173\041\147\047\060\131 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Staat der Nederlanden Root CA - G3" + # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL +@@ -16907,6 +16498,8 @@ CKA_VALUE MULTILINE_OCTAL + \356\354\327\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Staat der Nederlanden EV Root CA" + # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL +@@ -17069,6 +16662,8 @@ CKA_VALUE MULTILINE_OCTAL + \272\204\156\207 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "IdenTrust Commercial Root CA 1" + # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US +@@ -17231,6 +16826,8 @@ CKA_VALUE MULTILINE_OCTAL + \267\254\266\255\267\312\076\001\357\234 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "IdenTrust Public Sector Root CA 1" + # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US +@@ -17390,6 +16987,8 @@ CKA_VALUE MULTILINE_OCTAL + \105\366 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Entrust Root Certification Authority - G2" + # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +@@ -17535,6 +17134,8 @@ CKA_VALUE MULTILINE_OCTAL + \231\267\046\101\133\045\140\256\320\110\032\356\006 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Entrust Root Certification Authority - EC1" + # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +@@ -17708,6 +17309,8 @@ CKA_VALUE MULTILINE_OCTAL + \056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "CFCA EV ROOT" + # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN +@@ -17847,6 +17450,8 @@ CKA_VALUE MULTILINE_OCTAL + \065\255\201\307\116\161\272\210\023 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "OISTE WISeKey Global Root GB CA" + # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +@@ -17982,6 +17587,8 @@ CKA_VALUE MULTILINE_OCTAL + \326\040\036\343\163\267 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "SZAFIR ROOT CA2" + # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL +@@ -18160,6 +17767,8 @@ CKA_VALUE MULTILINE_OCTAL + \016\265\271\276\044\217 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Certum Trusted Network CA 2" + # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL +@@ -18347,6 +17956,8 @@ CKA_VALUE MULTILINE_OCTAL + \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Hellenic Academic and Research Institutions RootCA 2015" + # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +@@ -18483,6 +18094,8 @@ CKA_VALUE MULTILINE_OCTAL + \342\174\352\002\130\042\221 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" + # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR +@@ -18652,6 +18265,8 @@ CKA_VALUE MULTILINE_OCTAL + \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "ISRG Root X1" + # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +@@ -18815,6 +18430,8 @@ CKA_VALUE MULTILINE_OCTAL + \072\117\110\366\213\266\263 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "AC RAIZ FNMT-RCM" + # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +@@ -18940,6 +18557,8 @@ CKA_VALUE MULTILINE_OCTAL + \304\220\276\361\271 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Amazon Root CA 1" + # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +@@ -19097,6 +18716,8 @@ CKA_VALUE MULTILINE_OCTAL + \340\373\011\140\154 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Amazon Root CA 2" + # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +@@ -19197,6 +18818,8 @@ CKA_VALUE MULTILINE_OCTAL + \143\044\110\034\337\060\175\325\150\073 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Amazon Root CA 3" + # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +@@ -19301,6 +18924,8 @@ CKA_VALUE MULTILINE_OCTAL + \012\166\324\245\274\020 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Amazon Root CA 4" + # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +@@ -19468,6 +19093,8 @@ CKA_VALUE MULTILINE_OCTAL + \045\307\043\200\203\012\353 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "LuxTrust Global Root 2" + # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +@@ -19617,6 +19244,8 @@ CKA_VALUE MULTILINE_OCTAL + \322\063\340\377\275\321\124\071\051\017 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Symantec Class 1 Public Primary Certification Authority - G6" + # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +@@ -19771,6 +19400,8 @@ CKA_VALUE MULTILINE_OCTAL + \157\374\132\344\202\125\131\257\061\251 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Symantec Class 2 Public Primary Certification Authority - G6" + # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +@@ -19904,6 +19535,8 @@ CKA_VALUE MULTILINE_OCTAL + \362\014\105\111\071\277\231\004\034\323\020\240 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Symantec Class 1 Public Primary Certification Authority - G4" + # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +@@ -20037,6 +19670,8 @@ CKA_VALUE MULTILINE_OCTAL + \051\246\330\107\331\240\226\030\333\362\105\263 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Symantec Class 2 Public Primary Certification Authority - G4" + # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +@@ -20182,6 +19817,8 @@ CKA_VALUE MULTILINE_OCTAL + \137\134 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "D-TRUST Root CA 3 2013" + # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE +@@ -20344,6 +19981,8 @@ CKA_VALUE MULTILINE_OCTAL + \237\042\136\242\017\241\343 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" + # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR +@@ -20519,6 +20158,8 @@ CKA_VALUE MULTILINE_OCTAL + \250\267\101\154\007\335\275\074\206\227\057\322 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GDCA TrustAUTH R5 ROOT" + # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN +@@ -20674,6 +20315,8 @@ CKA_VALUE MULTILINE_OCTAL + \132\171\054\031 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TrustCor RootCert CA-1" + # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +@@ -20865,6 +20508,8 @@ CKA_VALUE MULTILINE_OCTAL + \326\354\011 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TrustCor RootCert CA-2" + # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +@@ -21021,6 +20666,8 @@ CKA_VALUE MULTILINE_OCTAL + \264\237\327\346 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "TrustCor ECA-1" + # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA +@@ -21200,6 +20847,8 @@ CKA_VALUE MULTILINE_OCTAL + \271 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "SSL.com Root Certification Authority RSA" + # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US +@@ -21324,6 +20973,8 @@ CKA_VALUE MULTILINE_OCTAL + \145 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "SSL.com Root Certification Authority ECC" + # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +@@ -21503,6 +21154,8 @@ CKA_VALUE MULTILINE_OCTAL + \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "SSL.com EV Root Certification Authority RSA R2" + # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US +@@ -21630,6 +21283,8 @@ CKA_VALUE MULTILINE_OCTAL + \371\007\340\142\232\214\134\112 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "SSL.com EV Root Certification Authority ECC" + # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US +@@ -21796,6 +21451,8 @@ CKA_VALUE MULTILINE_OCTAL + \147\203\005\132\311\244\020 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GlobalSign Root CA - R6" + # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +@@ -21913,6 +21570,8 @@ CKA_VALUE MULTILINE_OCTAL + \242\355\357\173\260\200\117\130\017\113\123\071\275 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "OISTE WISeKey Global Root GC CA" + # Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +@@ -22076,6 +21735,8 @@ CKA_VALUE MULTILINE_OCTAL + \361\306\143\107\125\034\272\245\010\121\165\246\110\045 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GTS Root R1" + # Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +@@ -22237,6 +21898,8 @@ CKA_VALUE MULTILINE_OCTAL + \267\375\054\010\122\117\202\335\243\360\324\206\011\002 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GTS Root R2" + # Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +@@ -22345,6 +22008,8 @@ CKA_VALUE MULTILINE_OCTAL + \232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GTS Root R3" + # Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +@@ -22453,6 +22118,8 @@ CKA_VALUE MULTILINE_OCTAL + \161\314\362\260\115\326\376\231\310\224\251\165\242\343 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "GTS Root R4" + # Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +@@ -22611,6 +22278,8 @@ CKA_VALUE MULTILINE_OCTAL + \120\037\212\373\006\365\302\031\360\320 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "UCA Global G2 Root" + # Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +@@ -22771,6 +22440,8 @@ CKA_VALUE MULTILINE_OCTAL + \177\275\145\040\262\311\301\053\166\030\166\237\126\261 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "UCA Extended Validation Root" + # Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +@@ -22950,6 +22621,8 @@ CKA_VALUE MULTILINE_OCTAL + \045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Certigna Root CA" + # Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +@@ -23087,6 +22760,8 @@ CKA_VALUE MULTILINE_OCTAL + \210\336\272\314\037\200\176\112 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "emSign Root CA - G1" + # Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +@@ -23204,6 +22879,8 @@ CKA_VALUE MULTILINE_OCTAL + \054\243 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "emSign ECC Root CA - G3" + # Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +@@ -23337,6 +23014,8 @@ CKA_VALUE MULTILINE_OCTAL + \361\337\312\276\203\015\102 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "emSign Root CA - C1" + # Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +@@ -23448,6 +23127,8 @@ CKA_VALUE MULTILINE_OCTAL + \276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "emSign ECC Root CA - C3" + # Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +@@ -23623,6 +23304,8 @@ CKA_VALUE MULTILINE_OCTAL + \232\233\364 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "Hongkong Post Root CA 3" + # Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK diff --git a/patches/node/tools_update_certdata_txt_to_nss_3_53.patch b/patches/node/tools_update_certdata_txt_to_nss_3_53.patch new file mode 100644 index 0000000000000..e33a8b1f0e60b --- /dev/null +++ b/patches/node/tools_update_certdata_txt_to_nss_3_53.patch @@ -0,0 +1,409 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: AshCripps +Date: Mon, 1 Jun 2020 13:31:36 +0100 +Subject: tools: update certdata.txt to NSS 3.53 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is the certdata.txt[0] from NSS 3.53, released on 2020-05-29. + +This is the version of NSS that will ship in Firefox 78 on +2020-06-30. + +[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_53_RTM/lib/ckfw/builtins/certdata.txt + +PR-URL: https://github.com/nodejs/node/pull/33682 +Reviewed-By: James M Snell +Reviewed-By: Sam Roberts +Reviewed-By: Beth Griggs +Reviewed-By: Juan José Arboleda + +diff --git a/tools/certdata.txt b/tools/certdata.txt +index 3a44db293df268fd3f183f5a297a368ac51d975d..ea14926063b4b5e61a90d0f330d60172317e4346 100644 +--- a/tools/certdata.txt ++++ b/tools/certdata.txt +@@ -1810,7 +1810,10 @@ CKA_VALUE MULTILINE_OCTAL + \302\005\146\200\241\313\346\063 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Wed Jan 01 00:00:00 2020 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\062\060\060\061\060\061\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Global CA" +@@ -1972,7 +1975,10 @@ CKA_VALUE MULTILINE_OCTAL + \244\346\216\330\371\051\110\212\316\163\376\054 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Sun Sep 30 00:00:00 2018 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\070\060\071\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Universal CA" +@@ -2134,7 +2140,10 @@ CKA_VALUE MULTILINE_OCTAL + \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Wed Jan 01 00:00:00 2020 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\062\060\060\061\060\061\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Universal CA 2" +@@ -4131,7 +4140,10 @@ CKA_VALUE MULTILINE_OCTAL + \245\206\054\174\364\022 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Thu Sep 19 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\071\061\071\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "Taiwan GRCA" +@@ -5329,7 +5341,10 @@ CKA_VALUE MULTILINE_OCTAL + \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority" +@@ -5486,7 +5501,10 @@ CKA_VALUE MULTILINE_OCTAL + \215\126\214\150 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA" +@@ -5663,7 +5681,10 @@ CKA_VALUE MULTILINE_OCTAL + \254\021\326\250\355\143\152 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" +@@ -7240,7 +7261,10 @@ CKA_VALUE MULTILINE_OCTAL + \021\055 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority - G3" +@@ -7371,7 +7395,10 @@ CKA_VALUE MULTILINE_OCTAL + \367\130\077\056\162\002\127\243\217\241\024\056 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Sun Sep 30 00:00:00 2018 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\070\060\071\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA - G2" +@@ -7533,7 +7560,10 @@ CKA_VALUE MULTILINE_OCTAL + \061\324\100\032\142\064\066\077\065\001\256\254\143\240 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "thawte Primary Root CA - G3" +@@ -7671,7 +7701,10 @@ CKA_VALUE MULTILINE_OCTAL + \017\212 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Wed Jan 01 00:00:00 2020 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\062\060\060\061\060\061\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "GeoTrust Primary Certification Authority - G2" +@@ -7843,7 +7876,10 @@ CKA_VALUE MULTILINE_OCTAL + \354\315\202\141\361\070\346\117\227\230\052\132\215 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Tue Apr 30 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\064\063\060\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Universal Root Certification Authority" +@@ -8000,7 +8036,10 @@ CKA_VALUE MULTILINE_OCTAL + \055\247\330\206\052\335\056\020 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Thu Jan 31 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\060\061\063\061\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" +@@ -11580,7 +11619,10 @@ CKA_VALUE MULTILINE_OCTAL + \371\210\075\176\270\157\156\003\344\102 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Sat Dec 28 00:00:00 2019 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\071\061\062\062\070\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for Certificate "EC-ACC" +@@ -12734,7 +12776,10 @@ CKA_VALUE MULTILINE_OCTAL + \307\314\165\301\226\305\235 + END + CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE ++# For Server Distrust After: Fri Sep 01 00:00:00 2017 ++CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL ++\061\067\060\071\060\061\060\060\060\060\060\060\132 ++END + CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + + # Trust for "EE Certification Centre Root CA" +@@ -23345,3 +23390,203 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE ++ ++# ++# Certificate "Entrust Root Certification Authority - G4" ++# ++# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US ++# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 ++# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US ++# Not Valid Before: Wed May 27 11:11:16 2015 ++# Not Valid After : Sun Dec 27 11:41:16 2037 ++# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 ++# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 ++CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" ++CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 ++CKA_SUBJECT MULTILINE_OCTAL ++\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 ++\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 ++\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 ++\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 ++\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 ++\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 ++\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 ++\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 ++\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 ++\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 ++\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 ++\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 ++\064 ++END ++CKA_ID UTF8 "0" ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 ++\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 ++\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 ++\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 ++\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 ++\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 ++\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 ++\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 ++\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 ++\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 ++\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 ++\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 ++\064 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 ++\145\255\130 ++END ++CKA_VALUE MULTILINE_OCTAL ++\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000 ++\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130 ++\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 ++\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061 ++\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163 ++\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 ++\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163 ++\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155 ++\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 ++\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156 ++\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151 ++\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060 ++\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122 ++\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 ++\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064 ++\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066 ++\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132 ++\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 ++\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 ++\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 ++\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 ++\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 ++\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 ++\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 ++\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 ++\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 ++\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 ++\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 ++\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 ++\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 ++\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 ++\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055 ++\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031 ++\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037 ++\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274 ++\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304 ++\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020 ++\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004 ++\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043 ++\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336 ++\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065 ++\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014 ++\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132 ++\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047 ++\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323 ++\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351 ++\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252 ++\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127 ++\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152 ++\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323 ++\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000 ++\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141 ++\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361 ++\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146 ++\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005 ++\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334 ++\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374 ++\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332 ++\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362 ++\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045 ++\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332 ++\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067 ++\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143 ++\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 ++\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 ++\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 ++\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240 ++\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052 ++\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022 ++\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045 ++\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363 ++\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322 ++\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364 ++\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211 ++\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253 ++\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377 ++\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344 ++\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177 ++\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056 ++\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234 ++\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210 ++\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216 ++\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207 ++\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360 ++\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307 ++\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136 ++\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176 ++\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330 ++\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002 ++\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244 ++\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166 ++\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062 ++\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245 ++\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072 ++\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101 ++\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244 ++\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273 ++\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061 ++\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230 ++\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332 ++\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037 ++END ++CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE ++ ++# Trust for "Entrust Root Certification Authority - G4" ++# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US ++# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 ++# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US ++# Not Valid Before: Wed May 27 11:11:16 2015 ++# Not Valid After : Sun Dec 27 11:41:16 2037 ++# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 ++# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 ++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST ++CKA_TOKEN CK_BBOOL CK_TRUE ++CKA_PRIVATE CK_BBOOL CK_FALSE ++CKA_MODIFIABLE CK_BBOOL CK_FALSE ++CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" ++CKA_CERT_SHA1_HASH MULTILINE_OCTAL ++\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065 ++\051\272\226\001 ++END ++CKA_CERT_MD5_HASH MULTILINE_OCTAL ++\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210 ++END ++CKA_ISSUER MULTILINE_OCTAL ++\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 ++\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 ++\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 ++\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 ++\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 ++\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 ++\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 ++\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 ++\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 ++\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 ++\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 ++\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 ++\064 ++END ++CKA_SERIAL_NUMBER MULTILINE_OCTAL ++\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 ++\145\255\130 ++END ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR ++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST ++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE