Browse files

Embed a new root CA certificate to follow an update of the server.

* twittering-mode.el: Embed a new root CA certificate to follow
an update of the server.
(twittering-ca-cert-alist): add a new root CA certificate,
`GeoTrust Global CA' in order to follow the update of the server
certificate of `search.twitter.com'.
  • Loading branch information...
1 parent f99eb4a commit 193cc86c98290d5cec7d37876a018a3953682962 @cvmat cvmat committed Jul 29, 2011
Showing with 77 additions and 15 deletions.
  1. +6 −0 ChangeLog
  2. +6 −5 NEWS
  3. +6 −4 NEWS.ja
  4. +20 −0 cert/GeoTrust_Global_CA.cer
  5. +39 −6 twittering-mode.el
View
6 ChangeLog
@@ -15,6 +15,12 @@
used by OpenSSL before 1.0.0 and the other hash by the newer
algorithm used by OpenSSL 1.0.0 and later.
+ * twittering-mode.el: Embed a new root CA certificate to follow
+ an update of the server.
+ (twittering-ca-cert-alist): add a new root CA certificate,
+ `GeoTrust Global CA' in order to follow the update of the server
+ certificate of `search.twitter.com'.
+
2011-07-25 Tadashi MATSUO <tad@mymail.twin.jp>
* twittering-mode.el: Fix the API call for `user_timeline' in
View
11 NEWS
@@ -30,12 +30,13 @@
`twittering-goto-previous-thing'. With a prefix argument by
preceding "C-u", they ignore things except URIs explicitly written
in a tweet.
-* Another root CA certificate.
- The root CA certificate `VeriSign Class 3 Public Primary CA - G2' is
- also embedded in `twittering-mode.el'. It is used for verifying the
- server `api.twitter.com'. The certificate `Equifax Secure
+* Additional root CA certificates.
+ The root CA certificates `VeriSign Class 3 Public Primary CA - G2'
+ and `GeoTrust Global CA' are also embedded in `twittering-mode.el'.
+ They are used for verifying `api.twitter.com' and
+ `search.twitter.com', respectively. The certificate `Equifax Secure
Certificate Authority', which has been embedded, is now used for
- verifying the server `search.twitter.com'.
+ verifying the server `www.googleapis.com' when shortening a URI.
### Bug fixes
* Fix of displaying a message of authorization.
View
10 NEWS.ja
@@ -29,10 +29,12 @@
`twittering-goto-previous-thing'にC-uでprefix argumentを与えると
tweet中のURI文字列だけを対象としてジャンプするようになりました。
* CA証明書を追加
- 新たにRoot CA証明書`VeriSign Class 3 Public Primary CA - G2'を内蔵し
- ました。この証明書は`api.twitter.com'のサーバ認証で参照されます。以
- 前から内蔵されている証明書`Equifax Secure Certificate Authority'は
- `search.twitter.com'のサーバ認証でのみ参照されるようになりました。
+ 新たにRoot CA証明書`VeriSign Class 3 Public Primary CA - G2'と
+ `GeoTrust Global CA'を内蔵しました。これらの証明書はそれぞれ、
+ `api.twitter.com'と`search.twitter.com'のサーバ認証で参照されます。
+ 以前から内蔵されている証明書`Equifax Secure Certificate Authority'は
+ URI短縮に用いる`www.googleapis.com'のサーバ認証でのみ参照されるよう
+ になりました。
### バグ修正
* 認証成功・失敗についてのメッセージが表示されるよう修正
View
20 cert/GeoTrust_Global_CA.cer
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
View
45 twittering-mode.el
@@ -953,6 +953,7 @@ a server certificate on SSL. The directory must be in \"hash format\".")
;; SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
;; Retrieved from: https://www.geotrust.com/resources/root-certificates/index.html
;; URL: https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
+ ;; for www.googleapis.com
"-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
@@ -986,6 +987,7 @@ A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
;; SHA1 Fingerprint=85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
;; Retrieved from: https://www.verisign.com/support/roots.html
;; URL: https://www.verisign.com/repository/roots/root-certificates/PCA-3G2.pem
+ ;; for api.twitter.com
"-----BEGIN CERTIFICATE-----
MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
@@ -1013,6 +1015,41 @@ oJ2daZH9
;; The hash by the newer algorithm used by OpenSSL 1.0.0 and later.
;; openssl x509 -subject_hash -noout -in cert/PCA-3G2.pem
"1ec4d31a.0"
+ )
+ (;; GeoTrust Global CA
+ ;; subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
+ ;; SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
+ ;; Retrieved from: https://www.geotrust.com/resources/root-certificates/index.html
+ ;; URL: https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer
+ ;; for search.twitter.com
+ "-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+"
+ ;; The hash by the older algorithm used by OpenSSL before 1.0.0.
+ ;; openssl x509 -subject_hash_old -noout -in cert/GeoTrust_Global_CA.cer
+ "7999be0d.0"
+
+ ;; The hash by the newer algorithm used by OpenSSL 1.0.0 and later.
+ ;; openssl x509 -subject_hash -noout -in cert/GeoTrust_Global_CA.cer
+ "2c543cd1.0"
)))
(defun twittering-delete-ca-cert ()
@@ -1032,12 +1069,8 @@ oJ2daZH9
(defun twittering-ensure-ca-cert ()
"Return a directory name including CA certificates.
-If it does not exist, create it. The directory includes two root certificates
-in \"hash format\". In detail, see verify(1SSL).
-
-The certificate files are retrieved from
-`https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer' and
-`https://www.verisign.com/repository/roots/root-certificates/PCA-3G2.pem'."
+If it does not exist, create it. The directory includes root certificates
+in \"hash format\". In detail, see verify(1SSL)."
(unless twittering-cert-directory
(let ((coding-system-for-write 'iso-safe)
(ca-directory (make-temp-file "twmode-cacert" t)))

0 comments on commit 193cc86

Please sign in to comment.