From 15fc08595b23eaba5d23af448f17454d113916e8 Mon Sep 17 00:00:00 2001 From: Mark Karpeles Date: Fri, 5 Jun 2026 19:38:06 +0900 Subject: [PATCH] Fix stale subject-hash headers; guard + example.com/.org anchor test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `# OpenSSL subject hash:` comment in every roots/*.pem was wrong (written by an older hash implementation and never regenerated). The headers are informational — build.rs recomputes the hash from DER, so the compiled store and README were always correct — but the stale comments were misleading (e.g. SSL.com TLS ECC Root CA 2022 read `8b682d02` instead of the correct `865fbdf9`). - Rewrite all 117 headers to the computed hash. - cacrt-tool verify now fails when a header hash != the computed hash, so the comments can't silently rot again (CI runs verify). - Add tests/example_anchor.rs: resolve the SSL.com TLS ECC Root CA 2022 trust anchor (865fbdf9.0) by the issuer Name that example.com / example.org's chain points at, asserting byte-exact DER identity. Co-Authored-By: Claude Opus 4.8 (1M context) --- examples/cacrt-tool.rs | 32 +++++- roots/ACCV/ACCVRAIZ1.pem | 2 +- roots/ANF/ANF_Secure_Server_Root_CA.pem | 2 +- .../Actalis_Authentication_Root_CA.pem | 2 +- roots/Amazon/Amazon_Root_CA_1.pem | 2 +- roots/Amazon/Amazon_Root_CA_2.pem | 2 +- roots/Amazon/Amazon_Root_CA_3.pem | 2 +- roots/Amazon/Amazon_Root_CA_4.pem | 2 +- roots/Atos/Atos_TrustedRoot_2011.pem | 2 +- .../Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem | 2 +- .../Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem | 2 +- roots/BJCA/BJCA_Global_Root_CA1.pem | 2 +- roots/BJCA/BJCA_Global_Root_CA2.pem | 2 +- roots/CFCA/CFCA_EV_ROOT.pem | 2 +- roots/Certainly/Certainly_Root_E1.pem | 2 +- roots/Certainly/Certainly_Root_R1.pem | 2 +- roots/Certigna/Certigna_Root_CA.pem | 2 +- roots/Certum/Certum_EC_384_CA.pem | 2 +- roots/Certum/Certum_Trusted_Network_CA.pem | 2 +- roots/Certum/Certum_Trusted_Network_CA_2.pem | 2 +- roots/Certum/Certum_Trusted_Root_CA.pem | 2 +- roots/Chunghwa-Telecom/HiPKI_Root_CA_G1.pem | 2 +- .../Cybertrust-Japan/SecureSign_Root_CA12.pem | 2 +- .../Cybertrust-Japan/SecureSign_Root_CA14.pem | 2 +- .../Cybertrust-Japan/SecureSign_Root_CA15.pem | 2 +- roots/D-Trust/D_TRUST_BR_Root_CA_1_2020.pem | 2 +- roots/D-Trust/D_TRUST_BR_Root_CA_2_2023.pem | 2 +- roots/D-Trust/D_TRUST_EV_Root_CA_1_2020.pem | 2 +- roots/D-Trust/D_TRUST_EV_Root_CA_2_2023.pem | 2 +- .../D_TRUST_Root_Class_3_CA_2_2009.pem | 2 +- .../D_TRUST_Root_Class_3_CA_2_EV_2009.pem | 2 +- .../DigiCert/DigiCert_Assured_ID_Root_G2.pem | 2 +- .../DigiCert/DigiCert_Assured_ID_Root_G3.pem | 2 +- roots/DigiCert/DigiCert_Global_Root_G2.pem | 2 +- roots/DigiCert/DigiCert_Global_Root_G3.pem | 2 +- .../DigiCert_TLS_ECC_P384_Root_G5.pem | 2 +- .../DigiCert/DigiCert_TLS_RSA4096_Root_G5.pem | 2 +- roots/DigiCert/DigiCert_Trusted_Root_G4.pem | 2 +- roots/DigiCert/QuoVadis_Root_CA_1_G3.pem | 2 +- roots/DigiCert/QuoVadis_Root_CA_2_G3.pem | 2 +- roots/DigiCert/QuoVadis_Root_CA_3_G3.pem | 2 +- roots/Disig/CA_Disig_Root_R2.pem | 2 +- roots/FNMT-RCM/AC_RAIZ_FNMT_RCM.pem | 2 +- .../AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS.pem | 2 +- ...icacion_Firmaprofesional_CIF_A62634068.pem | 2 +- roots/GDCA/GDCA_TrustAUTH_R5_ROOT.pem | 2 +- .../GlobalSign/GlobalSign_ECC_Root_CA_R4.pem | 2 +- .../GlobalSign/GlobalSign_ECC_Root_CA_R5.pem | 2 +- roots/GlobalSign/GlobalSign_Root_CA_R3.pem | 2 +- roots/GlobalSign/GlobalSign_Root_CA_R6.pem | 2 +- roots/GlobalSign/GlobalSign_Root_E46.pem | 2 +- roots/GlobalSign/GlobalSign_Root_R46.pem | 2 +- ...Go_Daddy_Root_Certificate_Authority_G2.pem | 2 +- ...tarfield_Root_Certificate_Authority_G2.pem | 2 +- ...Services_Root_Certificate_Authority_G2.pem | 2 +- roots/Google-Trust-Services/GTS_Root_R1.pem | 2 +- roots/Google-Trust-Services/GTS_Root_R3.pem | 2 +- roots/Google-Trust-Services/GTS_Root_R4.pem | 2 +- roots/HARICA/HARICA_TLS_ECC_Root_CA_2021.pem | 2 +- roots/HARICA/HARICA_TLS_RSA_Root_CA_2021.pem | 2 +- ..._Research_Institutions_ECC_RootCA_2015.pem | 2 +- ..._and_Research_Institutions_RootCA_2015.pem | 2 +- .../Hongkong-Post/Hongkong_Post_Root_CA_3.pem | 2 +- roots/ISRG/ISRG_Root_X1.pem | 2 +- roots/ISRG/ISRG_Root_X2.pem | 2 +- .../IdenTrust_Commercial_Root_CA_1.pem | 2 +- .../IdenTrust_Public_Sector_Root_CA_1.pem | 2 +- roots/Izenpe/Izenpe_com.pem | 2 +- roots/KIR/SZAFIR_ROOT_CA2.pem | 2 +- .../Microsec_e_Szigno_Root_CA_2009.pem | 2 +- roots/Microsec/e_Szigno_Root_CA_2017.pem | 2 +- roots/Microsec/e_Szigno_TLS_Root_CA_2023.pem | 2 +- ...ft_ECC_Root_Certificate_Authority_2017.pem | 2 +- ...ft_RSA_Root_Certificate_Authority_2017.pem | 2 +- ...ER_Global_Root_Certification_Authority.pem | 2 +- ...NetLock_Arany_Class_Gold_F_tan_s_tv_ny.pem | 2 +- .../Security_Communication_ECC_RootCA1.pem | 2 +- .../SECOM/Security_Communication_RootCA2.pem | 2 +- ...om_EV_Root_Certification_Authority_ECC.pem | 2 +- ...EV_Root_Certification_Authority_RSA_R2.pem | 2 +- ...L_com_Root_Certification_Authority_ECC.pem | 2 +- ...L_com_Root_Certification_Authority_RSA.pem | 2 +- .../SSL.com/SSL_com_TLS_ECC_Root_CA_2022.pem | 2 +- .../SSL.com/SSL_com_TLS_RSA_Root_CA_2022.pem | 2 +- .../COMODO_ECC_Certification_Authority.pem | 2 +- .../COMODO_RSA_Certification_Authority.pem | 2 +- ..._Public_Server_Authentication_Root_E46.pem | 2 +- ..._Public_Server_Authentication_Root_R46.pem | 2 +- .../USERTrust_ECC_Certification_Authority.pem | 2 +- .../USERTrust_RSA_Certification_Authority.pem | 2 +- .../SwissSign_RSA_TLS_Root_CA_2022_1.pem | 2 +- ...AK_Kamu_SM_SSL_Kok_Sertifikasi_Surum_1.pem | 2 +- roots/TWCA/TWCA_CYBER_Root_CA.pem | 2 +- roots/TWCA/TWCA_Global_Root_CA.pem | 2 +- .../TWCA_Root_Certification_Authority.pem | 2 +- .../T_TeleSec_GlobalRoot_Class_2.pem | 2 +- .../T_TeleSec_GlobalRoot_Class_3.pem | 2 +- .../Telekom_Security_TLS_ECC_Root_2020.pem | 2 +- .../Telekom_Security_TLS_RSA_Root_2023.pem | 2 +- roots/Telia/Telia_Root_CA_v2.pem | 2 +- .../TrustAsia/TrustAsia_Global_Root_CA_G3.pem | 2 +- .../TrustAsia/TrustAsia_Global_Root_CA_G4.pem | 2 +- roots/TrustAsia/TrustAsia_TLS_ECC_Root_CA.pem | 2 +- roots/TrustAsia/TrustAsia_TLS_RSA_Root_CA.pem | 2 +- roots/TunTrust/TunTrust_Root_CA.pem | 2 +- .../UniTrust/UCA_Extended_Validation_Root.pem | 2 +- roots/UniTrust/UCA_Global_G2_Root.pem | 2 +- roots/WISeKey/OISTE_Server_Root_ECC_G1.pem | 2 +- roots/WISeKey/OISTE_Server_Root_RSA_G1.pem | 2 +- .../OISTE_WISeKey_Global_Root_GB_CA.pem | 2 +- .../OISTE_WISeKey_Global_Root_GC_CA.pem | 2 +- roots/certSIGN/certSIGN_Root_CA_G2.pem | 2 +- roots/eMudhra/emSign_ECC_Root_CA_C3.pem | 2 +- roots/eMudhra/emSign_ECC_Root_CA_G3.pem | 2 +- roots/eMudhra/emSign_Root_CA_C1.pem | 2 +- roots/eMudhra/emSign_Root_CA_G1.pem | 2 +- roots/iTrusChina/vTrus_ECC_Root_CA.pem | 2 +- roots/iTrusChina/vTrus_Root_CA.pem | 2 +- tests/example_anchor.rs | 98 +++++++++++++++++++ 119 files changed, 244 insertions(+), 120 deletions(-) create mode 100644 tests/example_anchor.rs diff --git a/examples/cacrt-tool.rs b/examples/cacrt-tool.rs index 5702914..adc9278 100644 --- a/examples/cacrt-tool.rs +++ b/examples/cacrt-tool.rs @@ -242,9 +242,26 @@ fn cmd_verify() -> Result<(), String> { problems += 1; eprintln!("FAIL {}: {reason}", path.display()); } - if subject_hash(&der).is_err() { - problems += 1; - eprintln!("FAIL {}: cannot compute subject hash", path.display()); + match subject_hash(&der) { + Err(_) => { + problems += 1; + eprintln!("FAIL {}: cannot compute subject hash", path.display()); + } + // Keep the informational `# OpenSSL subject hash:` header honest: a + // stale header (e.g. left over from an older hash implementation) is + // harmless to the build but misleads anyone reading the file by hand. + Ok(hash) => { + let text = std::fs::read_to_string(&path).map_err(|e| e.to_string())?; + if let Some(declared) = parse_header_hash(&text) { + if declared != hash { + problems += 1; + eprintln!( + "FAIL {}: header subject hash {declared:08x} != computed {hash:08x}", + path.display() + ); + } + } + } } } if problems > 0 { @@ -254,6 +271,15 @@ fn cmd_verify() -> Result<(), String> { Ok(()) } +/// Parse the `# OpenSSL subject hash: <8 hex>` header written by `render_pem`. +/// Returns `None` if absent or malformed (the header is informational). +fn parse_header_hash(text: &str) -> Option { + let line = text + .lines() + .find_map(|l| l.trim_start().strip_prefix("# OpenSSL subject hash:"))?; + u32::from_str_radix(line.trim(), 16).ok() +} + // --------------------------------------------------------------------------- // diff // --------------------------------------------------------------------------- diff --git a/roots/ACCV/ACCVRAIZ1.pem b/roots/ACCV/ACCVRAIZ1.pem index 744ea55..20d7c4e 100644 --- a/roots/ACCV/ACCVRAIZ1.pem +++ b/roots/ACCV/ACCVRAIZ1.pem @@ -1,5 +1,5 @@ # Label: ACCVRAIZ1 -# OpenSSL subject hash: fc55b1d6 +# OpenSSL subject hash: a94d09e5 # SHA1 fingerprint: 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/ANF/ANF_Secure_Server_Root_CA.pem b/roots/ANF/ANF_Secure_Server_Root_CA.pem index 603c525..03062f7 100644 --- a/roots/ANF/ANF_Secure_Server_Root_CA.pem +++ b/roots/ANF/ANF_Secure_Server_Root_CA.pem @@ -1,5 +1,5 @@ # Label: ANF Secure Server Root CA -# OpenSSL subject hash: cfeea04b +# OpenSSL subject hash: b433981b # SHA1 fingerprint: 5B:6E:68:D0:CC:15:B6:A0:5F:1E:C1:5F:AE:02:FC:6B:2F:5D:6F:74 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Actalis/Actalis_Authentication_Root_CA.pem b/roots/Actalis/Actalis_Authentication_Root_CA.pem index fe08126..ad65c54 100644 --- a/roots/Actalis/Actalis_Authentication_Root_CA.pem +++ b/roots/Actalis/Actalis_Authentication_Root_CA.pem @@ -1,5 +1,5 @@ # Label: Actalis Authentication Root CA -# OpenSSL subject hash: db47b359 +# OpenSSL subject hash: 930ac5d2 # SHA1 fingerprint: F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Amazon/Amazon_Root_CA_1.pem b/roots/Amazon/Amazon_Root_CA_1.pem index 8352991..39bdd94 100644 --- a/roots/Amazon/Amazon_Root_CA_1.pem +++ b/roots/Amazon/Amazon_Root_CA_1.pem @@ -1,5 +1,5 @@ # Label: Amazon Root CA 1 -# OpenSSL subject hash: 172fdc4e +# OpenSSL subject hash: ce5e74ef # SHA1 fingerprint: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Amazon/Amazon_Root_CA_2.pem b/roots/Amazon/Amazon_Root_CA_2.pem index d92bd77..6e44095 100644 --- a/roots/Amazon/Amazon_Root_CA_2.pem +++ b/roots/Amazon/Amazon_Root_CA_2.pem @@ -1,5 +1,5 @@ # Label: Amazon Root CA 2 -# OpenSSL subject hash: 7d79dbdf +# OpenSSL subject hash: 6d41d539 # SHA1 fingerprint: 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Amazon/Amazon_Root_CA_3.pem b/roots/Amazon/Amazon_Root_CA_3.pem index 018e025..a0e29a0 100644 --- a/roots/Amazon/Amazon_Root_CA_3.pem +++ b/roots/Amazon/Amazon_Root_CA_3.pem @@ -1,5 +1,5 @@ # Label: Amazon Root CA 3 -# OpenSSL subject hash: 1ed28a6e +# OpenSSL subject hash: 8cb5ee0f # SHA1 fingerprint: 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Amazon/Amazon_Root_CA_4.pem b/roots/Amazon/Amazon_Root_CA_4.pem index ae512e9..bc50b64 100644 --- a/roots/Amazon/Amazon_Root_CA_4.pem +++ b/roots/Amazon/Amazon_Root_CA_4.pem @@ -1,5 +1,5 @@ # Label: Amazon Root CA 4 -# OpenSSL subject hash: 1e99976d +# OpenSSL subject hash: de6d66f3 # SHA1 fingerprint: F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Atos/Atos_TrustedRoot_2011.pem b/roots/Atos/Atos_TrustedRoot_2011.pem index 8cef918..1f8ecbb 100644 --- a/roots/Atos/Atos_TrustedRoot_2011.pem +++ b/roots/Atos/Atos_TrustedRoot_2011.pem @@ -1,5 +1,5 @@ # Label: Atos TrustedRoot 2011 -# OpenSSL subject hash: fa7642af +# OpenSSL subject hash: e36a6752 # SHA1 fingerprint: 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Atos/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem b/roots/Atos/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem index e55e07d..0d0185c 100644 --- a/roots/Atos/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem +++ b/roots/Atos/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem @@ -1,5 +1,5 @@ # Label: Atos TrustedRoot Root CA ECC TLS 2021 -# OpenSSL subject hash: 139b2cad +# OpenSSL subject hash: fb717492 # SHA1 fingerprint: 9E:BC:75:10:42:B3:02:F3:81:F4:F7:30:62:D4:8F:C3:A7:51:B2:DD # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Atos/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem b/roots/Atos/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem index 2e31729..6653c08 100644 --- a/roots/Atos/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem +++ b/roots/Atos/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem @@ -1,5 +1,5 @@ # Label: Atos TrustedRoot Root CA RSA TLS 2021 -# OpenSSL subject hash: d35fc52c +# OpenSSL subject hash: 9b46e03d # SHA1 fingerprint: 18:52:3B:0D:06:37:E4:D6:3A:DF:23:E4:98:FB:5B:16:FB:86:74:48 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/BJCA/BJCA_Global_Root_CA1.pem b/roots/BJCA/BJCA_Global_Root_CA1.pem index 85a9c6a..2df62bd 100644 --- a/roots/BJCA/BJCA_Global_Root_CA1.pem +++ b/roots/BJCA/BJCA_Global_Root_CA1.pem @@ -1,5 +1,5 @@ # Label: BJCA Global Root CA1 -# OpenSSL subject hash: 1eed3112 +# OpenSSL subject hash: 0179095f # SHA1 fingerprint: D5:EC:8D:7B:4C:BA:79:F4:E7:E8:CB:9D:6B:AE:77:83:10:03:21:6A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/BJCA/BJCA_Global_Root_CA2.pem b/roots/BJCA/BJCA_Global_Root_CA2.pem index 9f2796c..89182e5 100644 --- a/roots/BJCA/BJCA_Global_Root_CA2.pem +++ b/roots/BJCA/BJCA_Global_Root_CA2.pem @@ -1,5 +1,5 @@ # Label: BJCA Global Root CA2 -# OpenSSL subject hash: 8ebe1cb6 +# OpenSSL subject hash: 3e359ba6 # SHA1 fingerprint: F4:27:86:EB:6E:B8:6D:88:31:67:02:FB:BA:66:A4:53:00:AA:7A:A6 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/CFCA/CFCA_EV_ROOT.pem b/roots/CFCA/CFCA_EV_ROOT.pem index 232e447..e145999 100644 --- a/roots/CFCA/CFCA_EV_ROOT.pem +++ b/roots/CFCA/CFCA_EV_ROOT.pem @@ -1,5 +1,5 @@ # Label: CFCA EV ROOT -# OpenSSL subject hash: b7577bdf +# OpenSSL subject hash: 0b1b94ef # SHA1 fingerprint: E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certainly/Certainly_Root_E1.pem b/roots/Certainly/Certainly_Root_E1.pem index 98fd153..60cdd1d 100644 --- a/roots/Certainly/Certainly_Root_E1.pem +++ b/roots/Certainly/Certainly_Root_E1.pem @@ -1,5 +1,5 @@ # Label: Certainly Root E1 -# OpenSSL subject hash: 7a558193 +# OpenSSL subject hash: 8508e720 # SHA1 fingerprint: F9:E1:6D:DC:01:89:CF:D5:82:45:63:3E:C5:37:7D:C2:EB:93:6F:2B # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certainly/Certainly_Root_R1.pem b/roots/Certainly/Certainly_Root_R1.pem index 8bef822..8d7fb22 100644 --- a/roots/Certainly/Certainly_Root_R1.pem +++ b/roots/Certainly/Certainly_Root_R1.pem @@ -1,5 +1,5 @@ # Label: Certainly Root R1 -# OpenSSL subject hash: 49e61277 +# OpenSSL subject hash: 7a780d93 # SHA1 fingerprint: A0:50:EE:0F:28:71:F4:27:B2:12:6D:6F:50:96:25:BA:CC:86:42:AF # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certigna/Certigna_Root_CA.pem b/roots/Certigna/Certigna_Root_CA.pem index 70e1544..0439c9a 100644 --- a/roots/Certigna/Certigna_Root_CA.pem +++ b/roots/Certigna/Certigna_Root_CA.pem @@ -1,5 +1,5 @@ # Label: Certigna Root CA -# OpenSSL subject hash: fa659d48 +# OpenSSL subject hash: f51bb24c # SHA1 fingerprint: 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certum/Certum_EC_384_CA.pem b/roots/Certum/Certum_EC_384_CA.pem index 9a37416..cc404de 100644 --- a/roots/Certum/Certum_EC_384_CA.pem +++ b/roots/Certum/Certum_EC_384_CA.pem @@ -1,5 +1,5 @@ # Label: Certum EC-384 CA -# OpenSSL subject hash: 946b74b7 +# OpenSSL subject hash: 9482e63a # SHA1 fingerprint: F3:3E:78:3C:AC:DF:F4:A2:CC:AC:67:55:69:56:D7:E5:16:3C:E1:ED # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certum/Certum_Trusted_Network_CA.pem b/roots/Certum/Certum_Trusted_Network_CA.pem index fb621ef..8419261 100644 --- a/roots/Certum/Certum_Trusted_Network_CA.pem +++ b/roots/Certum/Certum_Trusted_Network_CA.pem @@ -1,5 +1,5 @@ # Label: Certum Trusted Network CA -# OpenSSL subject hash: 7068e428 +# OpenSSL subject hash: 48bec511 # SHA1 fingerprint: 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certum/Certum_Trusted_Network_CA_2.pem b/roots/Certum/Certum_Trusted_Network_CA_2.pem index 2655ff7..ebf330f 100644 --- a/roots/Certum/Certum_Trusted_Network_CA_2.pem +++ b/roots/Certum/Certum_Trusted_Network_CA_2.pem @@ -1,5 +1,5 @@ # Label: Certum Trusted Network CA 2 -# OpenSSL subject hash: 60ab2c3b +# OpenSSL subject hash: 40193066 # SHA1 fingerprint: D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Certum/Certum_Trusted_Root_CA.pem b/roots/Certum/Certum_Trusted_Root_CA.pem index 588cc01..f765c9e 100644 --- a/roots/Certum/Certum_Trusted_Root_CA.pem +++ b/roots/Certum/Certum_Trusted_Root_CA.pem @@ -1,5 +1,5 @@ # Label: Certum Trusted Root CA -# OpenSSL subject hash: bbed058a +# OpenSSL subject hash: e35234b1 # SHA1 fingerprint: C8:83:44:C0:18:AE:9F:CC:F1:87:B7:8F:22:D1:C5:D7:45:84:BA:E5 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Chunghwa-Telecom/HiPKI_Root_CA_G1.pem b/roots/Chunghwa-Telecom/HiPKI_Root_CA_G1.pem index c704744..643c3c1 100644 --- a/roots/Chunghwa-Telecom/HiPKI_Root_CA_G1.pem +++ b/roots/Chunghwa-Telecom/HiPKI_Root_CA_G1.pem @@ -1,5 +1,5 @@ # Label: HiPKI Root CA - G1 -# OpenSSL subject hash: 9c4d6a87 +# OpenSSL subject hash: 90c5a3c8 # SHA1 fingerprint: 6A:92:E4:A8:EE:1B:EC:96:45:37:E3:29:57:49:CD:96:E3:E5:D2:60 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Cybertrust-Japan/SecureSign_Root_CA12.pem b/roots/Cybertrust-Japan/SecureSign_Root_CA12.pem index 0209d91..e1e33b3 100644 --- a/roots/Cybertrust-Japan/SecureSign_Root_CA12.pem +++ b/roots/Cybertrust-Japan/SecureSign_Root_CA12.pem @@ -1,5 +1,5 @@ # Label: SecureSign Root CA12 -# OpenSSL subject hash: 02be9d6d +# OpenSSL subject hash: 616816f6 # SHA1 fingerprint: 7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Cybertrust-Japan/SecureSign_Root_CA14.pem b/roots/Cybertrust-Japan/SecureSign_Root_CA14.pem index 1def59f..bd64ffb 100644 --- a/roots/Cybertrust-Japan/SecureSign_Root_CA14.pem +++ b/roots/Cybertrust-Japan/SecureSign_Root_CA14.pem @@ -1,5 +1,5 @@ # Label: SecureSign Root CA14 -# OpenSSL subject hash: 694d1b27 +# OpenSSL subject hash: 878d9bca # SHA1 fingerprint: DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Cybertrust-Japan/SecureSign_Root_CA15.pem b/roots/Cybertrust-Japan/SecureSign_Root_CA15.pem index b550792..91c6d16 100644 --- a/roots/Cybertrust-Japan/SecureSign_Root_CA15.pem +++ b/roots/Cybertrust-Japan/SecureSign_Root_CA15.pem @@ -1,5 +1,5 @@ # Label: SecureSign Root CA15 -# OpenSSL subject hash: 2236f8a6 +# OpenSSL subject hash: 6a9bdba3 # SHA1 fingerprint: CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_BR_Root_CA_1_2020.pem b/roots/D-Trust/D_TRUST_BR_Root_CA_1_2020.pem index 79d20c9..47670de 100644 --- a/roots/D-Trust/D_TRUST_BR_Root_CA_1_2020.pem +++ b/roots/D-Trust/D_TRUST_BR_Root_CA_1_2020.pem @@ -1,5 +1,5 @@ # Label: D-TRUST BR Root CA 1 2020 -# OpenSSL subject hash: b1faae74 +# OpenSSL subject hash: 9ef4a08a # SHA1 fingerprint: 1F:5B:98:F0:E3:B5:F7:74:3C:ED:E6:B0:36:7D:32:CD:F4:09:41:67 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_BR_Root_CA_2_2023.pem b/roots/D-Trust/D_TRUST_BR_Root_CA_2_2023.pem index f3aa56e..583e3be 100644 --- a/roots/D-Trust/D_TRUST_BR_Root_CA_2_2023.pem +++ b/roots/D-Trust/D_TRUST_BR_Root_CA_2_2023.pem @@ -1,5 +1,5 @@ # Label: D-TRUST BR Root CA 2 2023 -# OpenSSL subject hash: 7ea7f1ba +# OpenSSL subject hash: ffdd40f9 # SHA1 fingerprint: 2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_EV_Root_CA_1_2020.pem b/roots/D-Trust/D_TRUST_EV_Root_CA_1_2020.pem index 0751bb7..409a486 100644 --- a/roots/D-Trust/D_TRUST_EV_Root_CA_1_2020.pem +++ b/roots/D-Trust/D_TRUST_EV_Root_CA_1_2020.pem @@ -1,5 +1,5 @@ # Label: D-TRUST EV Root CA 1 2020 -# OpenSSL subject hash: b0146b0c +# OpenSSL subject hash: 5931b5bc # SHA1 fingerprint: 61:DB:8C:21:59:69:03:90:D8:7C:9C:12:86:54:CF:9D:3D:F4:DD:07 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_EV_Root_CA_2_2023.pem b/roots/D-Trust/D_TRUST_EV_Root_CA_2_2023.pem index 7fe7ce8..bbf7202 100644 --- a/roots/D-Trust/D_TRUST_EV_Root_CA_2_2023.pem +++ b/roots/D-Trust/D_TRUST_EV_Root_CA_2_2023.pem @@ -1,5 +1,5 @@ # Label: D-TRUST EV Root CA 2 2023 -# OpenSSL subject hash: 592d861a +# OpenSSL subject hash: a09a51ae # SHA1 fingerprint: A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_2009.pem b/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_2009.pem index 64c34bd..6827c29 100644 --- a/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_2009.pem +++ b/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_2009.pem @@ -1,5 +1,5 @@ # Label: D-TRUST Root Class 3 CA 2 2009 -# OpenSSL subject hash: 5c6929b9 +# OpenSSL subject hash: c28a8a30 # SHA1 fingerprint: 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_EV_2009.pem b/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_EV_2009.pem index c9905ba..68041be 100644 --- a/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_EV_2009.pem +++ b/roots/D-Trust/D_TRUST_Root_Class_3_CA_2_EV_2009.pem @@ -1,5 +1,5 @@ # Label: D-TRUST Root Class 3 CA 2 EV 2009 -# OpenSSL subject hash: 99d8d717 +# OpenSSL subject hash: d4dae3dd # SHA1 fingerprint: 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_Assured_ID_Root_G2.pem b/roots/DigiCert/DigiCert_Assured_ID_Root_G2.pem index 681f3fd..419fd6d 100644 --- a/roots/DigiCert/DigiCert_Assured_ID_Root_G2.pem +++ b/roots/DigiCert/DigiCert_Assured_ID_Root_G2.pem @@ -1,5 +1,5 @@ # Label: DigiCert Assured ID Root G2 -# OpenSSL subject hash: c213266c +# OpenSSL subject hash: 9d04f354 # SHA1 fingerprint: A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_Assured_ID_Root_G3.pem b/roots/DigiCert/DigiCert_Assured_ID_Root_G3.pem index 729b419..288c526 100644 --- a/roots/DigiCert/DigiCert_Assured_ID_Root_G3.pem +++ b/roots/DigiCert/DigiCert_Assured_ID_Root_G3.pem @@ -1,5 +1,5 @@ # Label: DigiCert Assured ID Root G3 -# OpenSSL subject hash: 9dee8f0c +# OpenSSL subject hash: 7f3d5d1d # SHA1 fingerprint: F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_Global_Root_G2.pem b/roots/DigiCert/DigiCert_Global_Root_G2.pem index c92837c..c3b823a 100644 --- a/roots/DigiCert/DigiCert_Global_Root_G2.pem +++ b/roots/DigiCert/DigiCert_Global_Root_G2.pem @@ -1,5 +1,5 @@ # Label: DigiCert Global Root G2 -# OpenSSL subject hash: 25e51cd1 +# OpenSSL subject hash: 607986c7 # SHA1 fingerprint: DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_Global_Root_G3.pem b/roots/DigiCert/DigiCert_Global_Root_G3.pem index 141744c..5a38f63 100644 --- a/roots/DigiCert/DigiCert_Global_Root_G3.pem +++ b/roots/DigiCert/DigiCert_Global_Root_G3.pem @@ -1,5 +1,5 @@ # Label: DigiCert Global Root G3 -# OpenSSL subject hash: af3ecf9c +# OpenSSL subject hash: dd8e9d41 # SHA1 fingerprint: 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_TLS_ECC_P384_Root_G5.pem b/roots/DigiCert/DigiCert_TLS_ECC_P384_Root_G5.pem index c2b5908..238dda1 100644 --- a/roots/DigiCert/DigiCert_TLS_ECC_P384_Root_G5.pem +++ b/roots/DigiCert/DigiCert_TLS_ECC_P384_Root_G5.pem @@ -1,5 +1,5 @@ # Label: DigiCert TLS ECC P384 Root G5 -# OpenSSL subject hash: ed3f0a6b +# OpenSSL subject hash: 9846683b # SHA1 fingerprint: 17:F3:DE:5E:9F:0F:19:E9:8E:F6:1F:32:26:6E:20:C4:07:AE:30:EE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_TLS_RSA4096_Root_G5.pem b/roots/DigiCert/DigiCert_TLS_RSA4096_Root_G5.pem index b1486ee..8bf3d5b 100644 --- a/roots/DigiCert/DigiCert_TLS_RSA4096_Root_G5.pem +++ b/roots/DigiCert/DigiCert_TLS_RSA4096_Root_G5.pem @@ -1,5 +1,5 @@ # Label: DigiCert TLS RSA4096 Root G5 -# OpenSSL subject hash: 994f8dd4 +# OpenSSL subject hash: d52c538d # SHA1 fingerprint: A7:88:49:DC:5D:7C:75:8C:8C:DE:39:98:56:B3:AA:D0:B2:A5:71:35 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/DigiCert_Trusted_Root_G4.pem b/roots/DigiCert/DigiCert_Trusted_Root_G4.pem index d7a342a..0a41446 100644 --- a/roots/DigiCert/DigiCert_Trusted_Root_G4.pem +++ b/roots/DigiCert/DigiCert_Trusted_Root_G4.pem @@ -1,5 +1,5 @@ # Label: DigiCert Trusted Root G4 -# OpenSSL subject hash: 870389b7 +# OpenSSL subject hash: 75d1b2ed # SHA1 fingerprint: DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/QuoVadis_Root_CA_1_G3.pem b/roots/DigiCert/QuoVadis_Root_CA_1_G3.pem index a58d2f0..1b8bb6b 100644 --- a/roots/DigiCert/QuoVadis_Root_CA_1_G3.pem +++ b/roots/DigiCert/QuoVadis_Root_CA_1_G3.pem @@ -1,5 +1,5 @@ # Label: QuoVadis Root CA 1 G3 -# OpenSSL subject hash: 856c53f0 +# OpenSSL subject hash: 749e9e03 # SHA1 fingerprint: 1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/QuoVadis_Root_CA_2_G3.pem b/roots/DigiCert/QuoVadis_Root_CA_2_G3.pem index 7de6f10..f1bc92e 100644 --- a/roots/DigiCert/QuoVadis_Root_CA_2_G3.pem +++ b/roots/DigiCert/QuoVadis_Root_CA_2_G3.pem @@ -1,5 +1,5 @@ # Label: QuoVadis Root CA 2 G3 -# OpenSSL subject hash: dfb5d9fa +# OpenSSL subject hash: 064e0aa9 # SHA1 fingerprint: 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/DigiCert/QuoVadis_Root_CA_3_G3.pem b/roots/DigiCert/QuoVadis_Root_CA_3_G3.pem index 0827916..e8eeb8a 100644 --- a/roots/DigiCert/QuoVadis_Root_CA_3_G3.pem +++ b/roots/DigiCert/QuoVadis_Root_CA_3_G3.pem @@ -1,5 +1,5 @@ # Label: QuoVadis Root CA 3 G3 -# OpenSSL subject hash: 870d470d +# OpenSSL subject hash: e18bfb83 # SHA1 fingerprint: 48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Disig/CA_Disig_Root_R2.pem b/roots/Disig/CA_Disig_Root_R2.pem index ca02ba4..e795159 100644 --- a/roots/Disig/CA_Disig_Root_R2.pem +++ b/roots/Disig/CA_Disig_Root_R2.pem @@ -1,5 +1,5 @@ # Label: CA Disig Root R2 -# OpenSSL subject hash: 482d4b7c +# OpenSSL subject hash: 2ae6433e # SHA1 fingerprint: B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM.pem b/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM.pem index f7dac10..760bb70 100644 --- a/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM.pem +++ b/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM.pem @@ -1,5 +1,5 @@ # Label: AC RAIZ FNMT-RCM -# OpenSSL subject hash: 23495735 +# OpenSSL subject hash: cd8c0d63 # SHA1 fingerprint: EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS.pem b/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS.pem index ce24ee2..e1c6f76 100644 --- a/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS.pem +++ b/roots/FNMT-RCM/AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS.pem @@ -1,5 +1,5 @@ # Label: AC RAIZ FNMT-RCM SERVIDORES SEGUROS -# OpenSSL subject hash: c8a54705 +# OpenSSL subject hash: b81b93f0 # SHA1 fingerprint: 62:FF:D9:9E:C0:65:0D:03:CE:75:93:D2:ED:3F:2D:32:C9:E3:E5:4A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Firmaprofesional/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem b/roots/Firmaprofesional/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem index 4625adf..bea1883 100644 --- a/roots/Firmaprofesional/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem +++ b/roots/Firmaprofesional/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem @@ -1,5 +1,5 @@ # Label: Autoridad de Certificacion Firmaprofesional CIF A62634068 -# OpenSSL subject hash: 3c9c73fc +# OpenSSL subject hash: 3bde41ac # SHA1 fingerprint: 0B:BE:C2:27:22:49:CB:39:AA:DB:35:5C:53:E3:8C:AE:78:FF:B6:FE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GDCA/GDCA_TrustAUTH_R5_ROOT.pem b/roots/GDCA/GDCA_TrustAUTH_R5_ROOT.pem index 3493671..583cc58 100644 --- a/roots/GDCA/GDCA_TrustAUTH_R5_ROOT.pem +++ b/roots/GDCA/GDCA_TrustAUTH_R5_ROOT.pem @@ -1,5 +1,5 @@ # Label: GDCA TrustAUTH R5 ROOT -# OpenSSL subject hash: 56942311 +# OpenSSL subject hash: 0f6fa695 # SHA1 fingerprint: 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_ECC_Root_CA_R4.pem b/roots/GlobalSign/GlobalSign_ECC_Root_CA_R4.pem index 3d44c82..9e4f701 100644 --- a/roots/GlobalSign/GlobalSign_ECC_Root_CA_R4.pem +++ b/roots/GlobalSign/GlobalSign_ECC_Root_CA_R4.pem @@ -1,5 +1,5 @@ # Label: GlobalSign ECC Root CA - R4 -# OpenSSL subject hash: 147da805 +# OpenSSL subject hash: b0e59380 # SHA1 fingerprint: 6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_ECC_Root_CA_R5.pem b/roots/GlobalSign/GlobalSign_ECC_Root_CA_R5.pem index cd62e58..a054aeb 100644 --- a/roots/GlobalSign/GlobalSign_ECC_Root_CA_R5.pem +++ b/roots/GlobalSign/GlobalSign_ECC_Root_CA_R5.pem @@ -1,5 +1,5 @@ # Label: GlobalSign ECC Root CA - R5 -# OpenSSL subject hash: 33d15a03 +# OpenSSL subject hash: 1d3472b9 # SHA1 fingerprint: 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_Root_CA_R3.pem b/roots/GlobalSign/GlobalSign_Root_CA_R3.pem index 4d1ec43..9ac17b0 100644 --- a/roots/GlobalSign/GlobalSign_Root_CA_R3.pem +++ b/roots/GlobalSign/GlobalSign_Root_CA_R3.pem @@ -1,5 +1,5 @@ # Label: GlobalSign Root CA - R3 -# OpenSSL subject hash: 7a8c7acc +# OpenSSL subject hash: 062cdee6 # SHA1 fingerprint: D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_Root_CA_R6.pem b/roots/GlobalSign/GlobalSign_Root_CA_R6.pem index 9086d89..02e21fd 100644 --- a/roots/GlobalSign/GlobalSign_Root_CA_R6.pem +++ b/roots/GlobalSign/GlobalSign_Root_CA_R6.pem @@ -1,5 +1,5 @@ # Label: GlobalSign Root CA - R6 -# OpenSSL subject hash: fff24c09 +# OpenSSL subject hash: dc4d6a89 # SHA1 fingerprint: 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_Root_E46.pem b/roots/GlobalSign/GlobalSign_Root_E46.pem index cb54fa3..8f0db96 100644 --- a/roots/GlobalSign/GlobalSign_Root_E46.pem +++ b/roots/GlobalSign/GlobalSign_Root_E46.pem @@ -1,5 +1,5 @@ # Label: GlobalSign Root E46 -# OpenSSL subject hash: 33685712 +# OpenSSL subject hash: feffd413 # SHA1 fingerprint: 39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GlobalSign/GlobalSign_Root_R46.pem b/roots/GlobalSign/GlobalSign_Root_R46.pem index 160fbf5..19332ee 100644 --- a/roots/GlobalSign/GlobalSign_Root_R46.pem +++ b/roots/GlobalSign/GlobalSign_Root_R46.pem @@ -1,5 +1,5 @@ # Label: GlobalSign Root R46 -# OpenSSL subject hash: 140a68d1 +# OpenSSL subject hash: 002c0b4f # SHA1 fingerprint: 53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GoDaddy/Go_Daddy_Root_Certificate_Authority_G2.pem b/roots/GoDaddy/Go_Daddy_Root_Certificate_Authority_G2.pem index 71b12f8..a90d5cd 100644 --- a/roots/GoDaddy/Go_Daddy_Root_Certificate_Authority_G2.pem +++ b/roots/GoDaddy/Go_Daddy_Root_Certificate_Authority_G2.pem @@ -1,5 +1,5 @@ # Label: Go Daddy Root Certificate Authority - G2 -# OpenSSL subject hash: ccdeb4af +# OpenSSL subject hash: cbf06781 # SHA1 fingerprint: 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GoDaddy/Starfield_Root_Certificate_Authority_G2.pem b/roots/GoDaddy/Starfield_Root_Certificate_Authority_G2.pem index b792049..facf70c 100644 --- a/roots/GoDaddy/Starfield_Root_Certificate_Authority_G2.pem +++ b/roots/GoDaddy/Starfield_Root_Certificate_Authority_G2.pem @@ -1,5 +1,5 @@ # Label: Starfield Root Certificate Authority - G2 -# OpenSSL subject hash: de8fe0c1 +# OpenSSL subject hash: 4bfab552 # SHA1 fingerprint: B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/GoDaddy/Starfield_Services_Root_Certificate_Authority_G2.pem b/roots/GoDaddy/Starfield_Services_Root_Certificate_Authority_G2.pem index eff8914..2fe54a3 100644 --- a/roots/GoDaddy/Starfield_Services_Root_Certificate_Authority_G2.pem +++ b/roots/GoDaddy/Starfield_Services_Root_Certificate_Authority_G2.pem @@ -1,5 +1,5 @@ # Label: Starfield Services Root Certificate Authority - G2 -# OpenSSL subject hash: 92e7b11a +# OpenSSL subject hash: 09789157 # SHA1 fingerprint: 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Google-Trust-Services/GTS_Root_R1.pem b/roots/Google-Trust-Services/GTS_Root_R1.pem index 0cdd14d..70f086e 100644 --- a/roots/Google-Trust-Services/GTS_Root_R1.pem +++ b/roots/Google-Trust-Services/GTS_Root_R1.pem @@ -1,5 +1,5 @@ # Label: GTS Root R1 -# OpenSSL subject hash: 06675a7d +# OpenSSL subject hash: 1001acf7 # SHA1 fingerprint: E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Google-Trust-Services/GTS_Root_R3.pem b/roots/Google-Trust-Services/GTS_Root_R3.pem index 45ef446..7d2e33c 100644 --- a/roots/Google-Trust-Services/GTS_Root_R3.pem +++ b/roots/Google-Trust-Services/GTS_Root_R3.pem @@ -1,5 +1,5 @@ # Label: GTS Root R3 -# OpenSSL subject hash: af373e8d +# OpenSSL subject hash: 0a775a30 # SHA1 fingerprint: ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Google-Trust-Services/GTS_Root_R4.pem b/roots/Google-Trust-Services/GTS_Root_R4.pem index 71588e0..ff99029 100644 --- a/roots/Google-Trust-Services/GTS_Root_R4.pem +++ b/roots/Google-Trust-Services/GTS_Root_R4.pem @@ -1,5 +1,5 @@ # Label: GTS Root R4 -# OpenSSL subject hash: 3bd90905 +# OpenSSL subject hash: a3418fda # SHA1 fingerprint: 77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/HARICA/HARICA_TLS_ECC_Root_CA_2021.pem b/roots/HARICA/HARICA_TLS_ECC_Root_CA_2021.pem index 49e914f..9a98566 100644 --- a/roots/HARICA/HARICA_TLS_ECC_Root_CA_2021.pem +++ b/roots/HARICA/HARICA_TLS_ECC_Root_CA_2021.pem @@ -1,5 +1,5 @@ # Label: HARICA TLS ECC Root CA 2021 -# OpenSSL subject hash: 5280ce10 +# OpenSSL subject hash: ecccd8db # SHA1 fingerprint: BC:B0:C1:9D:E9:98:92:70:19:38:57:E9:8D:A7:B4:5D:6E:EE:01:48 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/HARICA/HARICA_TLS_RSA_Root_CA_2021.pem b/roots/HARICA/HARICA_TLS_RSA_Root_CA_2021.pem index 51ec793..7f1a509 100644 --- a/roots/HARICA/HARICA_TLS_RSA_Root_CA_2021.pem +++ b/roots/HARICA/HARICA_TLS_RSA_Root_CA_2021.pem @@ -1,5 +1,5 @@ # Label: HARICA TLS RSA Root CA 2021 -# OpenSSL subject hash: 348281a6 +# OpenSSL subject hash: 9f727ac7 # SHA1 fingerprint: 02:2D:05:82:FA:88:CE:14:0C:06:79:DE:7F:14:10:E9:45:D7:A5:6D # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/HARICA/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem b/roots/HARICA/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem index 97a0878..acdd3df 100644 --- a/roots/HARICA/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem +++ b/roots/HARICA/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem @@ -1,5 +1,5 @@ # Label: Hellenic Academic and Research Institutions ECC RootCA 2015 -# OpenSSL subject hash: 9364ac62 +# OpenSSL subject hash: 7719f463 # SHA1 fingerprint: 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/HARICA/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem b/roots/HARICA/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem index be44f5b..97bdccd 100644 --- a/roots/HARICA/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem +++ b/roots/HARICA/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem @@ -1,5 +1,5 @@ # Label: Hellenic Academic and Research Institutions RootCA 2015 -# OpenSSL subject hash: 6212e9a1 +# OpenSSL subject hash: 32888f65 # SHA1 fingerprint: 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Hongkong-Post/Hongkong_Post_Root_CA_3.pem b/roots/Hongkong-Post/Hongkong_Post_Root_CA_3.pem index 42e0229..3fa4ae5 100644 --- a/roots/Hongkong-Post/Hongkong_Post_Root_CA_3.pem +++ b/roots/Hongkong-Post/Hongkong_Post_Root_CA_3.pem @@ -1,5 +1,5 @@ # Label: Hongkong Post Root CA 3 -# OpenSSL subject hash: a4424933 +# OpenSSL subject hash: 68dd7389 # SHA1 fingerprint: 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/ISRG/ISRG_Root_X1.pem b/roots/ISRG/ISRG_Root_X1.pem index dea3edf..687cd85 100644 --- a/roots/ISRG/ISRG_Root_X1.pem +++ b/roots/ISRG/ISRG_Root_X1.pem @@ -1,5 +1,5 @@ # Label: ISRG Root X1 -# OpenSSL subject hash: 9881c650 +# OpenSSL subject hash: 4042bcee # SHA1 fingerprint: CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/ISRG/ISRG_Root_X2.pem b/roots/ISRG/ISRG_Root_X2.pem index dea3625..87b788c 100644 --- a/roots/ISRG/ISRG_Root_X2.pem +++ b/roots/ISRG/ISRG_Root_X2.pem @@ -1,5 +1,5 @@ # Label: ISRG Root X2 -# OpenSSL subject hash: 8245b81e +# OpenSSL subject hash: 0b9bc432 # SHA1 fingerprint: BD:B1:B9:3C:D5:97:8D:45:C6:26:14:55:F8:DB:95:C7:5A:D1:53:AF # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/IdenTrust/IdenTrust_Commercial_Root_CA_1.pem b/roots/IdenTrust/IdenTrust_Commercial_Root_CA_1.pem index c73f1ad..a05929d 100644 --- a/roots/IdenTrust/IdenTrust_Commercial_Root_CA_1.pem +++ b/roots/IdenTrust/IdenTrust_Commercial_Root_CA_1.pem @@ -1,5 +1,5 @@ # Label: IdenTrust Commercial Root CA 1 -# OpenSSL subject hash: 8cfe806d +# OpenSSL subject hash: ef954a4e # SHA1 fingerprint: DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/IdenTrust/IdenTrust_Public_Sector_Root_CA_1.pem b/roots/IdenTrust/IdenTrust_Public_Sector_Root_CA_1.pem index 04eabdc..46ae938 100644 --- a/roots/IdenTrust/IdenTrust_Public_Sector_Root_CA_1.pem +++ b/roots/IdenTrust/IdenTrust_Public_Sector_Root_CA_1.pem @@ -1,5 +1,5 @@ # Label: IdenTrust Public Sector Root CA 1 -# OpenSSL subject hash: 58d0baef +# OpenSSL subject hash: 1e08bfd1 # SHA1 fingerprint: BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Izenpe/Izenpe_com.pem b/roots/Izenpe/Izenpe_com.pem index e8e69f0..7c16288 100644 --- a/roots/Izenpe/Izenpe_com.pem +++ b/roots/Izenpe/Izenpe_com.pem @@ -1,5 +1,5 @@ # Label: Izenpe.com -# OpenSSL subject hash: 7cef29fe +# OpenSSL subject hash: cc450945 # SHA1 fingerprint: 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/KIR/SZAFIR_ROOT_CA2.pem b/roots/KIR/SZAFIR_ROOT_CA2.pem index 2a810ce..897cb66 100644 --- a/roots/KIR/SZAFIR_ROOT_CA2.pem +++ b/roots/KIR/SZAFIR_ROOT_CA2.pem @@ -1,5 +1,5 @@ # Label: SZAFIR ROOT CA2 -# OpenSSL subject hash: 494df914 +# OpenSSL subject hash: fe8a2cd8 # SHA1 fingerprint: E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Microsec/Microsec_e_Szigno_Root_CA_2009.pem b/roots/Microsec/Microsec_e_Szigno_Root_CA_2009.pem index 991aec7..2890426 100644 --- a/roots/Microsec/Microsec_e_Szigno_Root_CA_2009.pem +++ b/roots/Microsec/Microsec_e_Szigno_Root_CA_2009.pem @@ -1,5 +1,5 @@ # Label: Microsec e-Szigno Root CA 2009 -# OpenSSL subject hash: d51d0c84 +# OpenSSL subject hash: 8160b96c # SHA1 fingerprint: 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Microsec/e_Szigno_Root_CA_2017.pem b/roots/Microsec/e_Szigno_Root_CA_2017.pem index 37a7a17..110ed8e 100644 --- a/roots/Microsec/e_Szigno_Root_CA_2017.pem +++ b/roots/Microsec/e_Szigno_Root_CA_2017.pem @@ -1,5 +1,5 @@ # Label: e-Szigno Root CA 2017 -# OpenSSL subject hash: c957ca2c +# OpenSSL subject hash: e868b802 # SHA1 fingerprint: 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Microsec/e_Szigno_TLS_Root_CA_2023.pem b/roots/Microsec/e_Szigno_TLS_Root_CA_2023.pem index ef3868b..824dc1c 100644 --- a/roots/Microsec/e_Szigno_TLS_Root_CA_2023.pem +++ b/roots/Microsec/e_Szigno_TLS_Root_CA_2023.pem @@ -1,5 +1,5 @@ # Label: e-Szigno TLS Root CA 2023 -# OpenSSL subject hash: 80fe125a +# OpenSSL subject hash: f44703f1 # SHA1 fingerprint: 6F:9A:D5:D5:DF:E8:2C:EB:BE:37:07:EE:4F:4F:52:58:29:41:D1:FE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Microsoft/Microsoft_ECC_Root_Certificate_Authority_2017.pem b/roots/Microsoft/Microsoft_ECC_Root_Certificate_Authority_2017.pem index 6fd97be..6e75c68 100644 --- a/roots/Microsoft/Microsoft_ECC_Root_Certificate_Authority_2017.pem +++ b/roots/Microsoft/Microsoft_ECC_Root_Certificate_Authority_2017.pem @@ -1,5 +1,5 @@ # Label: Microsoft ECC Root Certificate Authority 2017 -# OpenSSL subject hash: 0b382186 +# OpenSSL subject hash: 8d89cda1 # SHA1 fingerprint: 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Microsoft/Microsoft_RSA_Root_Certificate_Authority_2017.pem b/roots/Microsoft/Microsoft_RSA_Root_Certificate_Authority_2017.pem index 6537739..a703c12 100644 --- a/roots/Microsoft/Microsoft_RSA_Root_Certificate_Authority_2017.pem +++ b/roots/Microsoft/Microsoft_RSA_Root_Certificate_Authority_2017.pem @@ -1,5 +1,5 @@ # Label: Microsoft RSA Root Certificate Authority 2017 -# OpenSSL subject hash: 5d81c5fc +# OpenSSL subject hash: bf53fb88 # SHA1 fingerprint: 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/NAVER/NAVER_Global_Root_Certification_Authority.pem b/roots/NAVER/NAVER_Global_Root_Certification_Authority.pem index 33d6303..f1d4f0f 100644 --- a/roots/NAVER/NAVER_Global_Root_Certification_Authority.pem +++ b/roots/NAVER/NAVER_Global_Root_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: NAVER Global Root Certification Authority -# OpenSSL subject hash: f2ff9ce5 +# OpenSSL subject hash: 3fb36b73 # SHA1 fingerprint: 8F:6B:F2:A9:27:4A:DA:14:A0:C4:F4:8E:61:27:F9:C0:1E:78:5D:D1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/NetLock/NetLock_Arany_Class_Gold_F_tan_s_tv_ny.pem b/roots/NetLock/NetLock_Arany_Class_Gold_F_tan_s_tv_ny.pem index 8f881e8..1de37d6 100644 --- a/roots/NetLock/NetLock_Arany_Class_Gold_F_tan_s_tv_ny.pem +++ b/roots/NetLock/NetLock_Arany_Class_Gold_F_tan_s_tv_ny.pem @@ -1,5 +1,5 @@ # Label: NetLock Arany (Class Gold) Főtanúsítvány -# OpenSSL subject hash: 8fb9ccb1 +# OpenSSL subject hash: 988a38cb # SHA1 fingerprint: 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SECOM/Security_Communication_ECC_RootCA1.pem b/roots/SECOM/Security_Communication_ECC_RootCA1.pem index d8fc1b8..6c39d1d 100644 --- a/roots/SECOM/Security_Communication_ECC_RootCA1.pem +++ b/roots/SECOM/Security_Communication_ECC_RootCA1.pem @@ -1,5 +1,5 @@ # Label: Security Communication ECC RootCA1 -# OpenSSL subject hash: e3158542 +# OpenSSL subject hash: 5860aaa6 # SHA1 fingerprint: B8:0E:26:A9:BF:D2:B2:3B:C0:EF:46:C9:BA:C7:BB:F6:1D:0D:41:41 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SECOM/Security_Communication_RootCA2.pem b/roots/SECOM/Security_Communication_RootCA2.pem index 08114de..fbf97f6 100644 --- a/roots/SECOM/Security_Communication_RootCA2.pem +++ b/roots/SECOM/Security_Communication_RootCA2.pem @@ -1,5 +1,5 @@ # Label: Security Communication RootCA2 -# OpenSSL subject hash: 3394410e +# OpenSSL subject hash: cd58d51e # SHA1 fingerprint: 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_ECC.pem b/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_ECC.pem index f6314a4..24c4b99 100644 --- a/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_ECC.pem +++ b/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_ECC.pem @@ -1,5 +1,5 @@ # Label: SSL.com EV Root Certification Authority ECC -# OpenSSL subject hash: 78ad4c5f +# OpenSSL subject hash: f0c70a8d # SHA1 fingerprint: 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem b/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem index b27ac79..b3dbac1 100644 --- a/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem +++ b/roots/SSL.com/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem @@ -1,5 +1,5 @@ # Label: SSL.com EV Root Certification Authority RSA R2 -# OpenSSL subject hash: 466d6f9e +# OpenSSL subject hash: 06dc52d5 # SHA1 fingerprint: 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_Root_Certification_Authority_ECC.pem b/roots/SSL.com/SSL_com_Root_Certification_Authority_ECC.pem index 451b3ab..46f25d5 100644 --- a/roots/SSL.com/SSL_com_Root_Certification_Authority_ECC.pem +++ b/roots/SSL.com/SSL_com_Root_Certification_Authority_ECC.pem @@ -1,5 +1,5 @@ # Label: SSL.com Root Certification Authority ECC -# OpenSSL subject hash: 3f4e440b +# OpenSSL subject hash: 0bf05006 # SHA1 fingerprint: C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_Root_Certification_Authority_RSA.pem b/roots/SSL.com/SSL_com_Root_Certification_Authority_RSA.pem index 30571db..65c23db 100644 --- a/roots/SSL.com/SSL_com_Root_Certification_Authority_RSA.pem +++ b/roots/SSL.com/SSL_com_Root_Certification_Authority_RSA.pem @@ -1,5 +1,5 @@ # Label: SSL.com Root Certification Authority RSA -# OpenSSL subject hash: 6384d4a6 +# OpenSSL subject hash: 6fa5da56 # SHA1 fingerprint: B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_TLS_ECC_Root_CA_2022.pem b/roots/SSL.com/SSL_com_TLS_ECC_Root_CA_2022.pem index 2582469..248b648 100644 --- a/roots/SSL.com/SSL_com_TLS_ECC_Root_CA_2022.pem +++ b/roots/SSL.com/SSL_com_TLS_ECC_Root_CA_2022.pem @@ -1,5 +1,5 @@ # Label: SSL.com TLS ECC Root CA 2022 -# OpenSSL subject hash: 8b682d02 +# OpenSSL subject hash: 865fbdf9 # SHA1 fingerprint: 9F:5F:D9:1A:54:6D:F5:0C:71:F0:EE:7A:BD:17:49:98:84:73:E2:39 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SSL.com/SSL_com_TLS_RSA_Root_CA_2022.pem b/roots/SSL.com/SSL_com_TLS_RSA_Root_CA_2022.pem index d308c38..2a7eb00 100644 --- a/roots/SSL.com/SSL_com_TLS_RSA_Root_CA_2022.pem +++ b/roots/SSL.com/SSL_com_TLS_RSA_Root_CA_2022.pem @@ -1,5 +1,5 @@ # Label: SSL.com TLS RSA Root CA 2022 -# OpenSSL subject hash: 3ebcfd5b +# OpenSSL subject hash: a89d74c2 # SHA1 fingerprint: EC:2C:83:40:72:AF:26:95:10:FF:0E:F2:03:EE:31:70:F6:78:9D:CA # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/COMODO_ECC_Certification_Authority.pem b/roots/Sectigo/COMODO_ECC_Certification_Authority.pem index 8392f33..b0372eb 100644 --- a/roots/Sectigo/COMODO_ECC_Certification_Authority.pem +++ b/roots/Sectigo/COMODO_ECC_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: COMODO ECC Certification Authority -# OpenSSL subject hash: ed6e94ad +# OpenSSL subject hash: eed8c118 # SHA1 fingerprint: 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/COMODO_RSA_Certification_Authority.pem b/roots/Sectigo/COMODO_RSA_Certification_Authority.pem index 296dc2e..e761283 100644 --- a/roots/Sectigo/COMODO_RSA_Certification_Authority.pem +++ b/roots/Sectigo/COMODO_RSA_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: COMODO RSA Certification Authority -# OpenSSL subject hash: 8193d59b +# OpenSSL subject hash: d6325660 # SHA1 fingerprint: AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_E46.pem b/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_E46.pem index 2f78cb2..9f87ae4 100644 --- a/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_E46.pem +++ b/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_E46.pem @@ -1,5 +1,5 @@ # Label: Sectigo Public Server Authentication Root E46 -# OpenSSL subject hash: 823b3a4b +# OpenSSL subject hash: da0cfd1d # SHA1 fingerprint: EC:8A:39:6C:40:F0:2E:BC:42:75:D4:9F:AB:1C:1A:5B:67:BE:D2:9A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_R46.pem b/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_R46.pem index 178b456..ecdfe37 100644 --- a/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_R46.pem +++ b/roots/Sectigo/Sectigo_Public_Server_Authentication_Root_R46.pem @@ -1,5 +1,5 @@ # Label: Sectigo Public Server Authentication Root R46 -# OpenSSL subject hash: 9cd5c62c +# OpenSSL subject hash: 9046744a # SHA1 fingerprint: AD:98:F9:F3:E4:7D:75:3B:65:D4:82:B3:A4:52:17:BB:6E:F5:E4:38 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/USERTrust_ECC_Certification_Authority.pem b/roots/Sectigo/USERTrust_ECC_Certification_Authority.pem index 972b98c..b47cd83 100644 --- a/roots/Sectigo/USERTrust_ECC_Certification_Authority.pem +++ b/roots/Sectigo/USERTrust_ECC_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: USERTrust ECC Certification Authority -# OpenSSL subject hash: 0724d1d7 +# OpenSSL subject hash: f30dd6ad # SHA1 fingerprint: D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Sectigo/USERTrust_RSA_Certification_Authority.pem b/roots/Sectigo/USERTrust_RSA_Certification_Authority.pem index 9419f6b..b417e2d 100644 --- a/roots/Sectigo/USERTrust_RSA_Certification_Authority.pem +++ b/roots/Sectigo/USERTrust_RSA_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: USERTrust RSA Certification Authority -# OpenSSL subject hash: 63b997b5 +# OpenSSL subject hash: fc5a8f99 # SHA1 fingerprint: 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/SwissSign/SwissSign_RSA_TLS_Root_CA_2022_1.pem b/roots/SwissSign/SwissSign_RSA_TLS_Root_CA_2022_1.pem index 41bcff5..2a56419 100644 --- a/roots/SwissSign/SwissSign_RSA_TLS_Root_CA_2022_1.pem +++ b/roots/SwissSign/SwissSign_RSA_TLS_Root_CA_2022_1.pem @@ -1,5 +1,5 @@ # Label: SwissSign RSA TLS Root CA 2022 - 1 -# OpenSSL subject hash: fe76dae9 +# OpenSSL subject hash: 9e654b62 # SHA1 fingerprint: 81:34:0A:BE:4C:CD:CE:CC:E7:7D:CC:8A:D4:57:E2:45:A0:77:5D:CE # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TUBITAK/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_Surum_1.pem b/roots/TUBITAK/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_Surum_1.pem index 60763ad..f31298d 100644 --- a/roots/TUBITAK/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_Surum_1.pem +++ b/roots/TUBITAK/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_Surum_1.pem @@ -1,5 +1,5 @@ # Label: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 -# OpenSSL subject hash: 6ac89d31 +# OpenSSL subject hash: ff34af3f # SHA1 fingerprint: 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TWCA/TWCA_CYBER_Root_CA.pem b/roots/TWCA/TWCA_CYBER_Root_CA.pem index 1e2cb32..79bf1f2 100644 --- a/roots/TWCA/TWCA_CYBER_Root_CA.pem +++ b/roots/TWCA/TWCA_CYBER_Root_CA.pem @@ -1,5 +1,5 @@ # Label: TWCA CYBER Root CA -# OpenSSL subject hash: f1930d99 +# OpenSSL subject hash: b8d25de6 # SHA1 fingerprint: F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TWCA/TWCA_Global_Root_CA.pem b/roots/TWCA/TWCA_Global_Root_CA.pem index 6be37d0..1d12ac8 100644 --- a/roots/TWCA/TWCA_Global_Root_CA.pem +++ b/roots/TWCA/TWCA_Global_Root_CA.pem @@ -1,5 +1,5 @@ # Label: TWCA Global Root CA -# OpenSSL subject hash: b4daa235 +# OpenSSL subject hash: 5f15c80c # SHA1 fingerprint: 9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TWCA/TWCA_Root_Certification_Authority.pem b/roots/TWCA/TWCA_Root_Certification_Authority.pem index d2b9dba..4129e48 100644 --- a/roots/TWCA/TWCA_Root_Certification_Authority.pem +++ b/roots/TWCA/TWCA_Root_Certification_Authority.pem @@ -1,5 +1,5 @@ # Label: TWCA Root Certification Authority -# OpenSSL subject hash: 2ecf4814 +# OpenSSL subject hash: b7a5b843 # SHA1 fingerprint: CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_2.pem b/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_2.pem index 6003d5f..144d1b0 100644 --- a/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_2.pem +++ b/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_2.pem @@ -1,5 +1,5 @@ # Label: T-TeleSec GlobalRoot Class 2 -# OpenSSL subject hash: 55448be0 +# OpenSSL subject hash: 1e09d511 # SHA1 fingerprint: 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_3.pem b/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_3.pem index bdbad73..b7363b0 100644 --- a/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_3.pem +++ b/roots/Telekom-Security/T_TeleSec_GlobalRoot_Class_3.pem @@ -1,5 +1,5 @@ # Label: T-TeleSec GlobalRoot Class 3 -# OpenSSL subject hash: 538417ab +# OpenSSL subject hash: 5443e9e3 # SHA1 fingerprint: 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Telekom-Security/Telekom_Security_TLS_ECC_Root_2020.pem b/roots/Telekom-Security/Telekom_Security_TLS_ECC_Root_2020.pem index 693ca8b..ee43cbf 100644 --- a/roots/Telekom-Security/Telekom_Security_TLS_ECC_Root_2020.pem +++ b/roots/Telekom-Security/Telekom_Security_TLS_ECC_Root_2020.pem @@ -1,5 +1,5 @@ # Label: Telekom Security TLS ECC Root 2020 -# OpenSSL subject hash: fbe8bb05 +# OpenSSL subject hash: ddcda989 # SHA1 fingerprint: C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Telekom-Security/Telekom_Security_TLS_RSA_Root_2023.pem b/roots/Telekom-Security/Telekom_Security_TLS_RSA_Root_2023.pem index 91cb8a6..8f14c05 100644 --- a/roots/Telekom-Security/Telekom_Security_TLS_RSA_Root_2023.pem +++ b/roots/Telekom-Security/Telekom_Security_TLS_RSA_Root_2023.pem @@ -1,5 +1,5 @@ # Label: Telekom Security TLS RSA Root 2023 -# OpenSSL subject hash: c259264a +# OpenSSL subject hash: 7fa05551 # SHA1 fingerprint: 54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/Telia/Telia_Root_CA_v2.pem b/roots/Telia/Telia_Root_CA_v2.pem index 463f9ac..4225403 100644 --- a/roots/Telia/Telia_Root_CA_v2.pem +++ b/roots/Telia/Telia_Root_CA_v2.pem @@ -1,5 +1,5 @@ # Label: Telia Root CA v2 -# OpenSSL subject hash: bb081fc4 +# OpenSSL subject hash: 8f103249 # SHA1 fingerprint: B9:99:CD:D1:73:50:8A:C4:47:05:08:9C:8C:88:FB:BE:A0:2B:40:CD # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TrustAsia/TrustAsia_Global_Root_CA_G3.pem b/roots/TrustAsia/TrustAsia_Global_Root_CA_G3.pem index c4093c0..af26d43 100644 --- a/roots/TrustAsia/TrustAsia_Global_Root_CA_G3.pem +++ b/roots/TrustAsia/TrustAsia_Global_Root_CA_G3.pem @@ -1,5 +1,5 @@ # Label: TrustAsia Global Root CA G3 -# OpenSSL subject hash: bc293f52 +# OpenSSL subject hash: 9bf03295 # SHA1 fingerprint: 63:CF:B6:C1:27:2B:56:E4:88:8E:1C:23:9A:B6:2E:81:47:24:C3:C7 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TrustAsia/TrustAsia_Global_Root_CA_G4.pem b/roots/TrustAsia/TrustAsia_Global_Root_CA_G4.pem index 4ee3c6a..75c68f6 100644 --- a/roots/TrustAsia/TrustAsia_Global_Root_CA_G4.pem +++ b/roots/TrustAsia/TrustAsia_Global_Root_CA_G4.pem @@ -1,5 +1,5 @@ # Label: TrustAsia Global Root CA G4 -# OpenSSL subject hash: 62d82f60 +# OpenSSL subject hash: 1cef98f5 # SHA1 fingerprint: 57:73:A5:61:5D:80:B2:E6:AC:38:82:FC:68:07:31:AC:9F:B5:92:5A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TrustAsia/TrustAsia_TLS_ECC_Root_CA.pem b/roots/TrustAsia/TrustAsia_TLS_ECC_Root_CA.pem index f5b87c7..5aa69d5 100644 --- a/roots/TrustAsia/TrustAsia_TLS_ECC_Root_CA.pem +++ b/roots/TrustAsia/TrustAsia_TLS_ECC_Root_CA.pem @@ -1,5 +1,5 @@ # Label: TrustAsia TLS ECC Root CA -# OpenSSL subject hash: 183ac215 +# OpenSSL subject hash: 2ccbdda3 # SHA1 fingerprint: B5:EC:39:F3:A1:66:37:AE:C3:05:94:57:E2:BE:11:BE:B7:A1:7F:36 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TrustAsia/TrustAsia_TLS_RSA_Root_CA.pem b/roots/TrustAsia/TrustAsia_TLS_RSA_Root_CA.pem index d86b34d..340d079 100644 --- a/roots/TrustAsia/TrustAsia_TLS_RSA_Root_CA.pem +++ b/roots/TrustAsia/TrustAsia_TLS_RSA_Root_CA.pem @@ -1,5 +1,5 @@ # Label: TrustAsia TLS RSA Root CA -# OpenSSL subject hash: 9a798692 +# OpenSSL subject hash: b0d5255e # SHA1 fingerprint: A5:46:50:C5:62:EA:95:9A:1A:A7:04:6F:17:58:C7:29:53:3D:03:FA # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/TunTrust/TunTrust_Root_CA.pem b/roots/TunTrust/TunTrust_Root_CA.pem index 4622a4d..143096d 100644 --- a/roots/TunTrust/TunTrust_Root_CA.pem +++ b/roots/TunTrust/TunTrust_Root_CA.pem @@ -1,5 +1,5 @@ # Label: TunTrust Root CA -# OpenSSL subject hash: 22d8ffa6 +# OpenSSL subject hash: fd64f3fc # SHA1 fingerprint: CF:E9:70:84:0F:E0:73:0F:9D:F6:0C:7F:2C:4B:EE:20:46:34:9C:BB # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/UniTrust/UCA_Extended_Validation_Root.pem b/roots/UniTrust/UCA_Extended_Validation_Root.pem index ad5f430..d0eb1bb 100644 --- a/roots/UniTrust/UCA_Extended_Validation_Root.pem +++ b/roots/UniTrust/UCA_Extended_Validation_Root.pem @@ -1,5 +1,5 @@ # Label: UCA Extended Validation Root -# OpenSSL subject hash: e98dfb4d +# OpenSSL subject hash: 0f5dc4f3 # SHA1 fingerprint: A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/UniTrust/UCA_Global_G2_Root.pem b/roots/UniTrust/UCA_Global_G2_Root.pem index 8f2cc2c..768b404 100644 --- a/roots/UniTrust/UCA_Global_G2_Root.pem +++ b/roots/UniTrust/UCA_Global_G2_Root.pem @@ -1,5 +1,5 @@ # Label: UCA Global G2 Root -# OpenSSL subject hash: c60bcda9 +# OpenSSL subject hash: c01eb047 # SHA1 fingerprint: 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/WISeKey/OISTE_Server_Root_ECC_G1.pem b/roots/WISeKey/OISTE_Server_Root_ECC_G1.pem index cd3b4f2..ea70982 100644 --- a/roots/WISeKey/OISTE_Server_Root_ECC_G1.pem +++ b/roots/WISeKey/OISTE_Server_Root_ECC_G1.pem @@ -1,5 +1,5 @@ # Label: OISTE Server Root ECC G1 -# OpenSSL subject hash: 4e09e736 +# OpenSSL subject hash: 6805c744 # SHA1 fingerprint: 3B:F6:8B:09:AE:2A:92:7B:BA:E3:8D:3F:11:95:D9:E6:44:0C:45:E2 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/WISeKey/OISTE_Server_Root_RSA_G1.pem b/roots/WISeKey/OISTE_Server_Root_RSA_G1.pem index d1a6e23..e4b1528 100644 --- a/roots/WISeKey/OISTE_Server_Root_RSA_G1.pem +++ b/roots/WISeKey/OISTE_Server_Root_RSA_G1.pem @@ -1,5 +1,5 @@ # Label: OISTE Server Root RSA G1 -# OpenSSL subject hash: 175e7589 +# OpenSSL subject hash: 30e1580d # SHA1 fingerprint: F7:00:34:25:94:88:68:31:E4:34:87:3F:70:FE:86:B3:86:9F:F0:6E # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/WISeKey/OISTE_WISeKey_Global_Root_GB_CA.pem b/roots/WISeKey/OISTE_WISeKey_Global_Root_GB_CA.pem index 7774b9f..e917f21 100644 --- a/roots/WISeKey/OISTE_WISeKey_Global_Root_GB_CA.pem +++ b/roots/WISeKey/OISTE_WISeKey_Global_Root_GB_CA.pem @@ -1,5 +1,5 @@ # Label: OISTE WISeKey Global Root GB CA -# OpenSSL subject hash: 40355c92 +# OpenSSL subject hash: e73d606e # SHA1 fingerprint: 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/WISeKey/OISTE_WISeKey_Global_Root_GC_CA.pem b/roots/WISeKey/OISTE_WISeKey_Global_Root_GC_CA.pem index 1dbb400..846ad6b 100644 --- a/roots/WISeKey/OISTE_WISeKey_Global_Root_GC_CA.pem +++ b/roots/WISeKey/OISTE_WISeKey_Global_Root_GC_CA.pem @@ -1,5 +1,5 @@ # Label: OISTE WISeKey Global Root GC CA -# OpenSSL subject hash: d3a04d03 +# OpenSSL subject hash: 773e07ad # SHA1 fingerprint: E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/certSIGN/certSIGN_Root_CA_G2.pem b/roots/certSIGN/certSIGN_Root_CA_G2.pem index bce9669..9ad3ec1 100644 --- a/roots/certSIGN/certSIGN_Root_CA_G2.pem +++ b/roots/certSIGN/certSIGN_Root_CA_G2.pem @@ -1,5 +1,5 @@ # Label: certSIGN Root CA G2 -# OpenSSL subject hash: 9d2a933d +# OpenSSL subject hash: 5f618aec # SHA1 fingerprint: 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/eMudhra/emSign_ECC_Root_CA_C3.pem b/roots/eMudhra/emSign_ECC_Root_CA_C3.pem index e5ba17e..ce8a8cb 100644 --- a/roots/eMudhra/emSign_ECC_Root_CA_C3.pem +++ b/roots/eMudhra/emSign_ECC_Root_CA_C3.pem @@ -1,5 +1,5 @@ # Label: emSign ECC Root CA - C3 -# OpenSSL subject hash: 8ab7e80f +# OpenSSL subject hash: 4b718d9b # SHA1 fingerprint: B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/eMudhra/emSign_ECC_Root_CA_G3.pem b/roots/eMudhra/emSign_ECC_Root_CA_G3.pem index 2884c4b..631b03d 100644 --- a/roots/eMudhra/emSign_ECC_Root_CA_G3.pem +++ b/roots/eMudhra/emSign_ECC_Root_CA_G3.pem @@ -1,5 +1,5 @@ # Label: emSign ECC Root CA - G3 -# OpenSSL subject hash: ecd39db7 +# OpenSSL subject hash: 14bc7599 # SHA1 fingerprint: 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/eMudhra/emSign_Root_CA_C1.pem b/roots/eMudhra/emSign_Root_CA_C1.pem index 5c625fa..08a881b 100644 --- a/roots/eMudhra/emSign_Root_CA_C1.pem +++ b/roots/eMudhra/emSign_Root_CA_C1.pem @@ -1,5 +1,5 @@ # Label: emSign Root CA - C1 -# OpenSSL subject hash: 245eb65a +# OpenSSL subject hash: 406c9bb1 # SHA1 fingerprint: E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/eMudhra/emSign_Root_CA_G1.pem b/roots/eMudhra/emSign_Root_CA_G1.pem index 600521b..6970797 100644 --- a/roots/eMudhra/emSign_Root_CA_G1.pem +++ b/roots/eMudhra/emSign_Root_CA_G1.pem @@ -1,5 +1,5 @@ # Label: emSign Root CA - G1 -# OpenSSL subject hash: 277fbcf1 +# OpenSSL subject hash: 2923b3f9 # SHA1 fingerprint: 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/iTrusChina/vTrus_ECC_Root_CA.pem b/roots/iTrusChina/vTrus_ECC_Root_CA.pem index 40ffd7c..f9122d3 100644 --- a/roots/iTrusChina/vTrus_ECC_Root_CA.pem +++ b/roots/iTrusChina/vTrus_ECC_Root_CA.pem @@ -1,5 +1,5 @@ # Label: vTrus ECC Root CA -# OpenSSL subject hash: 5643ae63 +# OpenSSL subject hash: ed858448 # SHA1 fingerprint: F6:9C:DB:B0:FC:F6:02:13:B6:52:32:A6:A3:91:3F:16:70:DA:C3:E1 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/roots/iTrusChina/vTrus_Root_CA.pem b/roots/iTrusChina/vTrus_Root_CA.pem index e55ff4e..4755bd1 100644 --- a/roots/iTrusChina/vTrus_Root_CA.pem +++ b/roots/iTrusChina/vTrus_Root_CA.pem @@ -1,5 +1,5 @@ # Label: vTrus Root CA -# OpenSSL subject hash: 4cc24e26 +# OpenSSL subject hash: 7a3adc42 # SHA1 fingerprint: 84:1A:69:FB:F5:CD:1A:25:34:13:3D:E3:F8:FC:B8:99:D0:C9:14:B7 # Source: Mozilla NSS certdata.txt (CKT_NSS_TRUSTED_DELEGATOR, server auth) -----BEGIN CERTIFICATE----- diff --git a/tests/example_anchor.rs b/tests/example_anchor.rs new file mode 100644 index 0000000..975b908 --- /dev/null +++ b/tests/example_anchor.rs @@ -0,0 +1,98 @@ +//! Regression test for resolving the real trust anchor used by example.com and +//! example.org. +//! +//! As of 2026 both sites are served by Cloudflare and present this chain: +//! +//! ```text +//! leaf (CN=example.com / example.org) +//! -> Cloudflare TLS Issuing ECC CA 3 +//! -> SSL.com TLS Transit ECC CA R2 +//! -> SSL.com TLS ECC Root CA 2022 <- the trust anchor +//! ``` +//! +//! The last intermediate ("SSL.com TLS Transit ECC CA R2") names +//! "SSL.com TLS ECC Root CA 2022" as its issuer; a verifier resolves that +//! anchor by matching the issuer's raw DER `Name` against the embedded store. +//! This certificate is `865fbdf9.0`. (The cross-signed copy the server also +//! offers, issued by Comodo "AAA Certificate Services", shares the same subject +//! `Name` but is a different certificate — the modern anchor is the self-signed +//! root verified here by its DER.) + +extern crate alloc; +use alloc::format; + +/// The DER `Name` that example.com / example.org's last intermediate names as +/// its issuer — i.e. exactly what chain-building looks up. Captured verbatim +/// from the live chain; equal to the self-signed root's subject. +const ANCHOR_NAME_DER: &[u8] = &[ + 48, 78, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 24, 48, 22, 6, 3, 85, 4, 10, 12, 15, + 83, 83, 76, 32, 67, 111, 114, 112, 111, 114, 97, 116, 105, 111, 110, 49, 37, 48, 35, 6, 3, 85, + 4, 3, 12, 28, 83, 83, 76, 46, 99, 111, 109, 32, 84, 76, 83, 32, 69, 67, 67, 32, 82, 111, 111, + 116, 32, 67, 65, 32, 50, 48, 50, 50, +]; + +/// The full DER of the genuine self-signed "SSL.com TLS ECC Root CA 2022" +/// (SHA-256 `C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43`). +/// Resolving the anchor must yield exactly these bytes. +const ANCHOR_DER: &[u8] = &[ + 48, 130, 2, 58, 48, 130, 1, 192, 160, 3, 2, 1, 2, 2, 16, 20, 3, 245, 171, 251, 55, 139, 23, 64, + 91, 226, 67, 178, 165, 209, 196, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 48, 78, 49, 11, + 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 24, 48, 22, 6, 3, 85, 4, 10, 12, 15, 83, 83, 76, 32, + 67, 111, 114, 112, 111, 114, 97, 116, 105, 111, 110, 49, 37, 48, 35, 6, 3, 85, 4, 3, 12, 28, + 83, 83, 76, 46, 99, 111, 109, 32, 84, 76, 83, 32, 69, 67, 67, 32, 82, 111, 111, 116, 32, 67, + 65, 32, 50, 48, 50, 50, 48, 30, 23, 13, 50, 50, 48, 56, 50, 53, 49, 54, 51, 51, 52, 56, 90, 23, + 13, 52, 54, 48, 56, 49, 57, 49, 54, 51, 51, 52, 55, 90, 48, 78, 49, 11, 48, 9, 6, 3, 85, 4, 6, + 19, 2, 85, 83, 49, 24, 48, 22, 6, 3, 85, 4, 10, 12, 15, 83, 83, 76, 32, 67, 111, 114, 112, 111, + 114, 97, 116, 105, 111, 110, 49, 37, 48, 35, 6, 3, 85, 4, 3, 12, 28, 83, 83, 76, 46, 99, 111, + 109, 32, 84, 76, 83, 32, 69, 67, 67, 32, 82, 111, 111, 116, 32, 67, 65, 32, 50, 48, 50, 50, 48, + 118, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 69, 41, + 53, 115, 250, 194, 184, 35, 206, 20, 125, 168, 177, 77, 160, 91, 54, 238, 42, 44, 83, 195, 96, + 9, 53, 178, 36, 102, 38, 105, 192, 179, 149, 214, 93, 146, 64, 25, 14, 198, 165, 19, 112, 244, + 239, 18, 81, 40, 93, 231, 204, 189, 249, 60, 133, 193, 207, 148, 144, 201, 43, 206, 146, 66, + 88, 89, 103, 253, 148, 39, 16, 100, 140, 79, 4, 177, 77, 73, 228, 123, 79, 155, 245, 231, 8, + 248, 3, 136, 247, 167, 195, 146, 75, 25, 84, 129, 163, 99, 48, 97, 48, 15, 6, 3, 85, 29, 19, 1, + 1, 255, 4, 5, 48, 3, 1, 1, 255, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 137, 143, 47, + 163, 232, 43, 160, 20, 84, 123, 243, 86, 184, 38, 95, 103, 56, 11, 156, 208, 48, 29, 6, 3, 85, + 29, 14, 4, 22, 4, 20, 137, 143, 47, 163, 232, 43, 160, 20, 84, 123, 243, 86, 184, 38, 95, 103, + 56, 11, 156, 208, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 1, 134, 48, 10, 6, 8, 42, + 134, 72, 206, 61, 4, 3, 3, 3, 104, 0, 48, 101, 2, 48, 85, 227, 34, 86, 233, 215, 146, 36, 88, + 79, 30, 148, 50, 15, 12, 2, 54, 194, 253, 172, 116, 50, 78, 225, 251, 28, 128, 136, 163, 204, + 251, 215, 235, 43, 255, 55, 125, 240, 237, 215, 158, 117, 106, 53, 118, 82, 69, 224, 2, 49, 0, + 199, 141, 111, 66, 32, 143, 190, 182, 77, 89, 237, 119, 77, 41, 196, 32, 32, 69, 100, 134, 58, + 80, 198, 196, 173, 45, 147, 245, 24, 125, 114, 237, 169, 207, 196, 172, 87, 54, 40, 8, 101, + 223, 60, 121, 102, 126, 160, 234, +]; + +/// Resolve the anchor by the issuer `Name` the chain points at — the way a +/// verifier building example.com / example.org's chain would. +#[test] +fn resolves_example_dot_com_and_org_anchor_by_issuer_name() { + let anchor = cacrt::find_by_subject(ANCHOR_NAME_DER) + .next() + .expect("SSL.com TLS ECC Root CA 2022 must be embedded for example.com/.org"); + + assert_eq!(format!("{}", anchor.hash_name()), "865fbdf9.0"); + assert_eq!(anchor.subject_hash(), 0x865f_bdf9); + assert_eq!(anchor.seq(), 0); + assert_eq!(anchor.label(), "SSL.com TLS ECC Root CA 2022"); + + // The stored subject is byte-identical to the issuer Name in the chain, + // and the resolved certificate is the genuine self-signed root. + assert_eq!(anchor.subject_der(), ANCHOR_NAME_DER); + assert_eq!(anchor.der(), ANCHOR_DER); +} + +/// The same anchor is reachable by its OpenSSL hash name, and both routes +/// return the very same entry. +#[test] +fn anchor_reachable_by_openssl_hash_name() { + let by_name = cacrt::lookup("865fbdf9.0").expect("865fbdf9.0 present"); + assert_eq!(by_name.der(), ANCHOR_DER); + + let by_subject = cacrt::find_by_subject(ANCHOR_NAME_DER).next().unwrap(); + assert!(core::ptr::eq(by_name, by_subject)); + + // And it sits in its subject-hash group. + let group = cacrt::lookup_by_hash(0x865f_bdf9); + assert!(group.iter().any(|c| core::ptr::eq(c, by_name))); +}