On 2011/10/10 12:16 PDT, Wan-Teh Chang wrote:
> [...]
> The certdata.txt file in the NSS source tree
> (http://mxr.mozilla.org/security/source/security/nss/lib/ckfw/builtins/certdata.txt)
> is the master source of the NSS built-in trusted root CA list, so
> people have written scripts to extract the trusted root CA
> certificates from this file. [...]

> After the two CA break-in incidents this year, certdata.txt started to
> contain several explicitly distrusted certificates.  Scripts that
> extract trusted root CA certificates from certdata.txt must now check
> the trust objects.
> 
> Here are the instructions.

I'd say it's going to be difficult for the typical scripting language to do
the recommended instructions.  How about putting the distrusted certs and
their trust objects in a separate file in the CVS repository?
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
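
An added example, not part of the original thread or of the NSS project's code: a minimal Python extractor that pairs each certificate object in certdata.txt with its trust object and keeps only the certificates marked trusted for the requested purpose. Pairing on CKA_ISSUER plus CKA_SERIAL_NUMBER and the attribute and trust constant names are assumptions of this example, since the quoted instructions are elided above; the sample data is constructed.

```python
import re

def parse_objects(text):
    """Split certdata.txt text into objects (dicts of attribute name -> value)."""
    objects, lines = [], iter(text.splitlines())
    for raw in lines:
        parts = raw.strip().split(None, 2)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment or BEGINDATA
        name, typ, value = parts[0], parts[1], parts[-1]
        if typ == "MULTILINE_OCTAL":  # \ooo escapes on the following lines, up to END
            body = "".join(iter(lambda: next(lines).strip(), "END"))
            value = bytes(int(o, 8) for o in re.findall(r"\\([0-7]{3})", body))
        if name == "CKA_CLASS":  # each object starts with its class
            objects.append({})
        if objects:
            objects[-1][name] = value
    return objects

def trusted_roots(text, purpose="CKA_TRUST_SERVER_AUTH", wanted="CKT_NSS_TRUSTED_DELEGATOR"):
    """Return {label: DER bytes} for certificates whose trust object says `wanted`."""
    objs = parse_objects(text)
    key = lambda o: (o["CKA_ISSUER"], o["CKA_SERIAL_NUMBER"])  # assumed pairing key
    trust = {key(o): o.get(purpose) for o in objs if o["CKA_CLASS"] == "CKO_NSS_TRUST"}
    return {o["CKA_LABEL"].strip('"'): o["CKA_VALUE"] for o in objs
            if o["CKA_CLASS"] == "CKO_CERTIFICATE" and trust.get(key(o)) == wanted}

# Constructed sample in certdata.txt syntax; the byte values are not real certificates.
TEMPLATE = r'''CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "{label}"
CKA_ISSUER MULTILINE_OCTAL
\060\003{tag}
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_VALUE MULTILINE_OCTAL
\060\001{tag}
END
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_ISSUER MULTILINE_OCTAL
\060\003{tag}
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST {level}'''
SAMPLE = "\n".join(TEMPLATE.format(label=n, tag=t, level=v) for n, t, v in [
    ("Example Trusted Root", r"\101", "CKT_NSS_TRUSTED_DELEGATOR"),
    ("Example Distrusted CA", r"\102", "CKT_NSS_NOT_TRUSTED")])
```

A certificate with no matching trust object, or with any trust value other than the wanted one, is left out of the result, so the extractor fails closed.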
