Skip to content

Commit ac4b485

Browse files
nodejs-github-botaduh95
nodejs-github-bot
authored and
aduh95
committed
crypto: update root certificates to NSS 3.121
This is the certdata.txt[0] from NSS 3.121. This is the version of NSS that shipped in Firefox 149.0 on 2026-03-24. Certificates added: - OISTE Server Root RSA G1 - e-Szigno TLS Root CA 2023 Certificates removed: - OISTE Server Root RSA G1 [0] https://raw.githubusercontent.com/nss-dev/nss/refs/tags/NSS_3_121_RTM/lib/ckfw/builtins/certdata.txt PR-URL: #62485 Reviewed-By: Moshe Atlow <moshe@atlow.co.il> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent 3d2e23a commit ac4b485

File tree

2 files changed

+153
-5
lines changed

2 files changed

+153
-5
lines changed

src/node_root_certs.h

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3469,7 +3469,7 @@
34693469
"ak5KGoJr3M/TvEqzPNcum9v4KGm8ay3sMaE641c=\n"
34703470
"-----END CERTIFICATE-----",
34713471

3472-
/* OISTE Server Root RSA G1 */
3472+
/* OISTE Server Root RSA G1 */
34733473
"-----BEGIN CERTIFICATE-----\n"
34743474
"MIIFgzCCA2ugAwIBAgIQVaXZZ5Qoxu0M+ifdWwFNGDANBgkqhkiG9w0BAQwFADBLMQswCQYD\n"
34753475
"VQQGEwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UEAwwYT0lTVEUgU2Vy\n"
@@ -3499,4 +3499,22 @@
34993499
"axj5d9spLFKebXd7Yv0PTY6YMjAwcRLWJTXjn/hvnLXrahut6hDTlhZyBiElxky8j3C7DORe\n"
35003500
"IoMt0r7+hVu05L0=\n"
35013501
"-----END CERTIFICATE-----",
3502+
3503+
/* e-Szigno TLS Root CA 2023 */
3504+
"-----BEGIN CERTIFICATE-----\n"
3505+
"MIICzzCCAjGgAwIBAgINAOhvGHvWOWuYSkmYCjAKBggqhkjOPQQDBDB1MQswCQYDVQQGEwJI\n"
3506+
"VTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xFzAVBgNVBGEM\n"
3507+
"DlZBVEhVLTIzNTg0NDk3MSIwIAYDVQQDDBllLVN6aWdubyBUTFMgUm9vdCBDQSAyMDIzMB4X\n"
3508+
"DTIzMDcxNzE0MDAwMFoXDTM4MDcxNzE0MDAwMFowdTELMAkGA1UEBhMCSFUxETAPBgNVBAcM\n"
3509+
"CEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4\n"
3510+
"NDQ5NzEiMCAGA1UEAwwZZS1Temlnbm8gVExTIFJvb3QgQ0EgMjAyMzCBmzAQBgcqhkjOPQIB\n"
3511+
"BgUrgQQAIwOBhgAEAGgP36J8PKp0iGEKjcJMpQEiFNT3YHdCnAo4YKGMZz6zY+n6kbCLS+Y5\n"
3512+
"3wLCMAFSAL/fjO1ZrTJlqwlZULUZwmgcAOAFX9pQJhzDrAQixTpN7+lXWDajwRlTEArRzT/v\n"
3513+
"SzUaQ49CE0y5LBqcvjC2xN7cS53kpDzLLtmt3999Cd8ukv+ho2MwYTAPBgNVHRMBAf8EBTAD\n"
3514+
"AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUWYQCYlpGePVd3I8KECgj3NXW+0UwHwYD\n"
3515+
"VR0jBBgwFoAUWYQCYlpGePVd3I8KECgj3NXW+0UwCgYIKoZIzj0EAwQDgYsAMIGHAkIBLdqu\n"
3516+
"9S54tma4n7Zwf2Z0z+yOfP7AAXmazlIC58PRDHpty7Ve7hekm9sEdu4pKeiv+62sUvTXK9Z3\n"
3517+
"hBC9xdIoaDQCQTV2WnXzkoYI9bIeCvZlC9p2x1L/Cx6AcCIwwzPbGO2E14vs7dOoY4G1VnxH\n"
3518+
"x1YwlGhza9IuqbnZLBwpvQy6uWWL\n"
3519+
"-----END CERTIFICATE-----",
35023520
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

tools/certdata.txt

Lines changed: 134 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26591,7 +26591,7 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
2659126591
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
2659226592

2659326593
#
26594-
# Certificate " OISTE Server Root RSA G1"
26594+
# Certificate "OISTE Server Root RSA G1"
2659526595
#
2659626596
# Issuer: CN=OISTE Server Root RSA G1,O=OISTE Foundation,C=CH
2659726597
# Serial Number:55:a5:d9:67:94:28:c6:ed:0c:fa:27:dd:5b:01:4d:18
@@ -26604,7 +26604,7 @@ CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
2660426604
CKA_TOKEN CK_BBOOL CK_TRUE
2660526605
CKA_PRIVATE CK_BBOOL CK_FALSE
2660626606
CKA_MODIFIABLE CK_BBOOL CK_FALSE
26607-
CKA_LABEL UTF8 " OISTE Server Root RSA G1"
26607+
CKA_LABEL UTF8 "OISTE Server Root RSA G1"
2660826608
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
2660926609
CKA_SUBJECT MULTILINE_OCTAL
2661026610
\060\113\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -26720,7 +26720,7 @@ CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
2672026720
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
2672126721
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
2672226722

26723-
# Trust for " OISTE Server Root RSA G1"
26723+
# Trust for "OISTE Server Root RSA G1"
2672426724
# Issuer: CN=OISTE Server Root RSA G1,O=OISTE Foundation,C=CH
2672526725
# Serial Number:55:a5:d9:67:94:28:c6:ed:0c:fa:27:dd:5b:01:4d:18
2672626726
# Subject: CN=OISTE Server Root RSA G1,O=OISTE Foundation,C=CH
@@ -26732,7 +26732,7 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
2673226732
CKA_TOKEN CK_BBOOL CK_TRUE
2673326733
CKA_PRIVATE CK_BBOOL CK_FALSE
2673426734
CKA_MODIFIABLE CK_BBOOL CK_FALSE
26735-
CKA_LABEL UTF8 " OISTE Server Root RSA G1"
26735+
CKA_LABEL UTF8 "OISTE Server Root RSA G1"
2673626736
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
2673726737
\367\000\064\045\224\210\150\061\344\064\207\077\160\376\206\263
2673826738
\206\237\360\156
@@ -26755,3 +26755,133 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
2675526755
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
2675626756
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
2675726757
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
26758+
26759+
#
26760+
# Certificate "e-Szigno TLS Root CA 2023"
26761+
#
26762+
# Issuer: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
26763+
# Serial Number:00:e8:6f:18:7b:d6:39:6b:98:4a:49:98:0a
26764+
# Subject: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
26765+
# Not Valid Before: Mon Jul 17 14:00:00 2023
26766+
# Not Valid After : Sat Jul 17 14:00:00 2038
26767+
# Fingerprint (SHA-256): B4:91:41:50:2D:00:66:3D:74:0F:2E:7E:C3:40:C5:28:00:96:26:66:12:1A:36:D0:9C:F7:DD:2B:90:38:4F:B4
26768+
# Fingerprint (SHA1): 6F:9A:D5:D5:DF:E8:2C:EB:BE:37:07:EE:4F:4F:52:58:29:41:D1:FE
26769+
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
26770+
CKA_TOKEN CK_BBOOL CK_TRUE
26771+
CKA_PRIVATE CK_BBOOL CK_FALSE
26772+
CKA_MODIFIABLE CK_BBOOL CK_FALSE
26773+
CKA_LABEL UTF8 "e-Szigno TLS Root CA 2023"
26774+
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
26775+
CKA_SUBJECT MULTILINE_OCTAL
26776+
\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
26777+
\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
26778+
\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
26779+
\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
26780+
\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
26781+
\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
26782+
\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
26783+
\103\101\040\062\060\062\063
26784+
END
26785+
CKA_ID UTF8 "0"
26786+
CKA_ISSUER MULTILINE_OCTAL
26787+
\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
26788+
\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
26789+
\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
26790+
\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
26791+
\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
26792+
\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
26793+
\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
26794+
\103\101\040\062\060\062\063
26795+
END
26796+
CKA_SERIAL_NUMBER MULTILINE_OCTAL
26797+
\002\015\000\350\157\030\173\326\071\153\230\112\111\230\012
26798+
END
26799+
CKA_VALUE MULTILINE_OCTAL
26800+
\060\202\002\317\060\202\002\061\240\003\002\001\002\002\015\000
26801+
\350\157\030\173\326\071\153\230\112\111\230\012\060\012\006\010
26802+
\052\206\110\316\075\004\003\004\060\165\061\013\060\011\006\003
26803+
\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007
26804+
\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003
26805+
\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164
26806+
\144\056\061\027\060\025\006\003\125\004\141\014\016\126\101\124
26807+
\110\125\055\062\063\065\070\064\064\071\067\061\042\060\040\006
26808+
\003\125\004\003\014\031\145\055\123\172\151\147\156\157\040\124
26809+
\114\123\040\122\157\157\164\040\103\101\040\062\060\062\063\060
26810+
\036\027\015\062\063\060\067\061\067\061\064\060\060\060\060\132
26811+
\027\015\063\070\060\067\061\067\061\064\060\060\060\060\132\060
26812+
\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021
26813+
\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163
26814+
\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143\162
26815+
\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003\125
26816+
\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064\064
26817+
\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055\123
26818+
\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040\103
26819+
\101\040\062\060\062\063\060\201\233\060\020\006\007\052\206\110
26820+
\316\075\002\001\006\005\053\201\004\000\043\003\201\206\000\004
26821+
\000\150\017\337\242\174\074\252\164\210\141\012\215\302\114\245
26822+
\001\042\024\324\367\140\167\102\234\012\070\140\241\214\147\076
26823+
\263\143\351\372\221\260\213\113\346\071\337\002\302\060\001\122
26824+
\000\277\337\214\355\131\255\062\145\253\011\131\120\265\031\302
26825+
\150\034\000\340\005\137\332\120\046\034\303\254\004\042\305\072
26826+
\115\357\351\127\130\066\243\301\031\123\020\012\321\315\077\357
26827+
\113\065\032\103\217\102\023\114\271\054\032\234\276\060\266\304
26828+
\336\334\113\235\344\244\074\313\056\331\255\337\337\175\011\337
26829+
\056\222\377\241\243\143\060\141\060\017\006\003\125\035\023\001
26830+
\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017
26831+
\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016
26832+
\004\026\004\024\131\204\002\142\132\106\170\365\135\334\217\012
26833+
\020\050\043\334\325\326\373\105\060\037\006\003\125\035\043\004
26834+
\030\060\026\200\024\131\204\002\142\132\106\170\365\135\334\217
26835+
\012\020\050\043\334\325\326\373\105\060\012\006\010\052\206\110
26836+
\316\075\004\003\004\003\201\213\000\060\201\207\002\102\001\055
26837+
\332\256\365\056\170\266\146\270\237\266\160\177\146\164\317\354
26838+
\216\174\376\300\001\171\232\316\122\002\347\303\321\014\172\155
26839+
\313\265\136\356\027\244\233\333\004\166\356\051\051\350\257\373
26840+
\255\254\122\364\327\053\326\167\204\020\275\305\322\050\150\064
26841+
\002\101\065\166\132\165\363\222\206\010\365\262\036\012\366\145
26842+
\013\332\166\307\122\377\013\036\200\160\042\060\303\063\333\030
26843+
\355\204\327\213\354\355\323\250\143\201\265\126\174\107\307\126
26844+
\060\224\150\163\153\322\056\251\271\331\054\034\051\275\014\272
26845+
\271\145\213
26846+
END
26847+
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
26848+
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
26849+
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
26850+
26851+
# Trust for "e-Szigno TLS Root CA 2023"
26852+
# Issuer: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
26853+
# Serial Number:00:e8:6f:18:7b:d6:39:6b:98:4a:49:98:0a
26854+
# Subject: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
26855+
# Not Valid Before: Mon Jul 17 14:00:00 2023
26856+
# Not Valid After : Sat Jul 17 14:00:00 2038
26857+
# Fingerprint (SHA-256): B4:91:41:50:2D:00:66:3D:74:0F:2E:7E:C3:40:C5:28:00:96:26:66:12:1A:36:D0:9C:F7:DD:2B:90:38:4F:B4
26858+
# Fingerprint (SHA1): 6F:9A:D5:D5:DF:E8:2C:EB:BE:37:07:EE:4F:4F:52:58:29:41:D1:FE
26859+
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
26860+
CKA_TOKEN CK_BBOOL CK_TRUE
26861+
CKA_PRIVATE CK_BBOOL CK_FALSE
26862+
CKA_MODIFIABLE CK_BBOOL CK_FALSE
26863+
CKA_LABEL UTF8 "e-Szigno TLS Root CA 2023"
26864+
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
26865+
\157\232\325\325\337\350\054\353\276\067\007\356\117\117\122\130
26866+
\051\101\321\376
26867+
END
26868+
CKA_CERT_MD5_HASH MULTILINE_OCTAL
26869+
\152\351\231\164\245\332\136\361\331\056\362\310\321\206\213\161
26870+
END
26871+
CKA_ISSUER MULTILINE_OCTAL
26872+
\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
26873+
\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
26874+
\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
26875+
\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
26876+
\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
26877+
\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
26878+
\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
26879+
\103\101\040\062\060\062\063
26880+
END
26881+
CKA_SERIAL_NUMBER MULTILINE_OCTAL
26882+
\002\015\000\350\157\030\173\326\071\153\230\112\111\230\012
26883+
END
26884+
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
26885+
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
26886+
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
26887+
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

0 commit comments

Comments
 (0)