From patchwork Thu Dec 1 17:17:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 6236 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NNN6y5cj2z3whh for ; Thu, 1 Dec 2022 17:17:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NNN6w3P9nz2PK; Thu, 1 Dec 2022 17:17:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NNN6w2cGvz2xR5; Thu, 1 Dec 2022 17:17:28 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NNN6v1xr9z2xR5 for ; Thu, 1 Dec 2022 17:17:27 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "people01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NNN6t4tWzz2PK; Thu, 1 Dec 2022 17:17:26 +0000 (UTC) Received: by people01.haj.ipfire.org (Postfix, from userid 1078) id 4NNN6t3zGvz2yWj; Thu, 1 Dec 2022 17:17:26 +0000 (UTC) From: =?utf-8?q?Peter_M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 2/2] ca-certificates: Blacklist TrustCor Systems root CAs Date: Thu, 1 Dec 2022 17:17:23 +0000 Message-Id: <20221201171724.1818647-2-peter.mueller@ipfire.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221201171724.1818647-1-peter.mueller@ipfire.org> References: <20221201171724.1818647-1-peter.mueller@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" See: https://lists.ipfire.org/pipermail/development/2022-November/014681.html Signed-off-by: Peter Müller --- ca-certificates/blacklist.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ca-certificates/blacklist.txt b/ca-certificates/blacklist.txt index 8d57b8663..130a59e31 100644 --- a/ca-certificates/blacklist.txt +++ b/ca-certificates/blacklist.txt @@ -1,5 +1,6 @@ # One blacklist entry per line, corresponding to the label in certdata.txt. -# MD5 Collision Proof of Concept CA -"MD5 Collisions Forged Rogue CA 25c3" - +# https://lists.ipfire.org/pipermail/development/2022-November/014681.html +"TrustCor RootCert CA-1" +"TrustCor RootCert CA-2" +"TrustCor ECA-1"