Added TCI ECDSA and GOST root certificates

i9 changed/i9/ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.inferit.2
Sergey Cherevko 6 months ago
parent 6703dc9de9
commit 3234301f18
Signed by: scherevko
GPG Key ID: D87CBBC16D2E4A72

@ -56183,3 +56183,180 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "TCI GOST ROOT A1"
#
# Issuer: CN=TCI GOST ROOT A1
# Serial Number:02:de:ad:c0:de:00:8c:19:78:3c:7a:d6
# Subject: CN=TCI GOST ROOT A1
# Not Valid Before: Wed Mar 30 09:33:18 2022
# Not Valid After : Tue Mar 30 09:33:18 2032
# Fingerprint (SHA-256): 66:4B:2C:6F:77:02:EB:F3:32:09:87:88:BC:FF:73:04:4E:A8:39:BC:45:06:48:16:4F:C4:8D:7C:F2:56:4A:9E
# Fingerprint (SHA1): 1A:02:D2:5D:C1:3A:DF:20:6E:7F:E6:E8:AC:4E:E0:67:75:C6:E2:62
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "TCI GOST ROOT A1"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\033\061\031\060\027\006\003\125\004\003\014\020\124\103\111
\040\107\117\123\124\040\122\117\117\124\040\101\061
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\033\061\031\060\027\006\003\125\004\003\014\020\124\103\111
\040\107\117\123\124\040\122\117\117\124\040\101\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\014\002\336\255\300\336\000\214\031\170\074\172\326
END
CKA_VALUE MULTILINE_OCTAL
\060\202\001\135\060\202\001\010\240\003\002\001\002\002\014\002
\336\255\300\336\000\214\031\170\074\172\326\060\014\006\010\052
\205\003\007\001\001\003\002\005\000\060\033\061\031\060\027\006
\003\125\004\003\014\020\124\103\111\040\107\117\123\124\040\122
\117\117\124\040\101\061\060\036\027\015\062\062\060\063\063\060
\060\071\063\063\061\070\132\027\015\063\062\060\063\063\060\060
\071\063\063\061\070\132\060\033\061\031\060\027\006\003\125\004
\003\014\020\124\103\111\040\107\117\123\124\040\122\117\117\124
\040\101\061\060\146\060\037\006\010\052\205\003\007\001\001\001
\001\060\023\006\007\052\205\003\002\002\043\001\006\010\052\205
\003\007\001\001\002\002\003\103\000\004\100\112\041\076\073\121
\271\311\177\011\214\204\264\106\144\066\042\155\205\051\335\021
\205\263\255\166\066\250\002\053\301\337\054\033\034\261\233\351
\327\220\005\027\177\063\002\317\330\212\337\041\227\025\157\204
\017\344\364\230\242\120\377\042\357\204\305\243\043\060\041\060
\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
\060\014\006\010\052\205\003\007\001\001\003\002\005\000\003\101
\000\350\272\016\176\351\305\257\322\111\265\172\076\307\321\070
\102\263\260\031\327\350\141\240\202\217\160\070\102\356\144\247
\303\141\334\274\363\377\166\312\275\200\152\130\276\174\110\336
\353\165\352\204\172\031\023\021\064\010\322\350\235\303\067\001
\027
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TCI GOST ROOT A1"
# Issuer: CN=TCI GOST ROOT A1
# Serial Number:02:de:ad:c0:de:00:8c:19:78:3c:7a:d6
# Subject: CN=TCI GOST ROOT A1
# Not Valid Before: Wed Mar 30 09:33:18 2022
# Not Valid After : Tue Mar 30 09:33:18 2032
# Fingerprint (SHA-256): 66:4B:2C:6F:77:02:EB:F3:32:09:87:88:BC:FF:73:04:4E:A8:39:BC:45:06:48:16:4F:C4:8D:7C:F2:56:4A:9E
# Fingerprint (SHA1): 1A:02:D2:5D:C1:3A:DF:20:6E:7F:E6:E8:AC:4E:E0:67:75:C6:E2:62
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "TCI GOST ROOT A1"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\032\002\322\135\301\072\337\040\156\177\346\350\254\116\340\147
\165\306\342\142
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\127\150\125\352\304\302\171\075\316\310\250\022\102\122\253\002
END
CKA_ISSUER MULTILINE_OCTAL
\060\033\061\031\060\027\006\003\125\004\003\014\020\124\103\111
\040\107\117\123\124\040\122\117\117\124\040\101\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\014\002\336\255\300\336\000\214\031\170\074\172\326
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "TCI ECDSA ROOT A1"
#
# Issuer: CN=TCI ECDSA ROOT A1
# Serial Number:01:de:ad:c0:de:00:8c:19:78:3c:7a:d6
# Subject: CN=TCI ECDSA ROOT A1
# Not Valid Before: Wed Mar 30 09:33:18 2022
# Not Valid After : Tue Mar 30 09:33:18 2032
# Fingerprint (SHA-256): 0A:3C:80:4A:CF:2E:70:22:3E:22:2D:65:99:EB:78:8D:CC:A3:EE:CC:F7:F2:66:7C:B3:71:C1:78:AD:07:DB:51
# Fingerprint (SHA1): 4E:87:7A:C0:27:A6:3D:85:14:C0:B4:CB:FA:0F:6F:58:F6:C1:76:96
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "TCI ECDSA ROOT A1"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\034\061\032\060\030\006\003\125\004\003\014\021\124\103\111
\040\105\103\104\123\101\040\122\117\117\124\040\101\061
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\034\061\032\060\030\006\003\125\004\003\014\021\124\103\111
\040\105\103\104\123\101\040\122\117\117\124\040\101\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\014\001\336\255\300\336\000\214\031\170\074\172\326
END
CKA_VALUE MULTILINE_OCTAL
\060\202\001\124\060\201\373\240\003\002\001\002\002\014\001\336
\255\300\336\000\214\031\170\074\172\326\060\012\006\010\052\206
\110\316\075\004\003\002\060\034\061\032\060\030\006\003\125\004
\003\014\021\124\103\111\040\105\103\104\123\101\040\122\117\117
\124\040\101\061\060\036\027\015\062\062\060\063\063\060\060\071
\063\063\061\070\132\027\015\063\062\060\063\063\060\060\071\063
\063\061\070\132\060\034\061\032\060\030\006\003\125\004\003\014
\021\124\103\111\040\105\103\104\123\101\040\122\117\117\124\040
\101\061\060\131\060\023\006\007\052\206\110\316\075\002\001\006
\010\052\206\110\316\075\003\001\007\003\102\000\004\231\342\354
\262\123\340\150\374\352\221\264\263\334\016\171\365\240\252\012
\177\020\147\370\145\304\261\066\000\011\176\027\045\351\146\015
\241\146\231\175\371\144\213\204\135\321\134\300\046\006\332\115
\045\266\353\073\257\332\141\214\353\133\161\017\336\243\043\060
\041\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
\206\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
\001\377\060\012\006\010\052\206\110\316\075\004\003\002\003\110
\000\060\105\002\040\062\243\050\372\032\146\272\255\226\071\256
\313\255\006\324\366\010\066\364\167\003\127\213\073\064\370\105
\370\106\005\072\301\002\041\000\204\222\373\041\342\303\156\215
\236\144\002\051\343\070\250\150\212\150\326\025\162\136\100\001
\065\271\351\071\064\075\050\373
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TCI ECDSA ROOT A1"
# Issuer: CN=TCI ECDSA ROOT A1
# Serial Number:01:de:ad:c0:de:00:8c:19:78:3c:7a:d6
# Subject: CN=TCI ECDSA ROOT A1
# Not Valid Before: Wed Mar 30 09:33:18 2022
# Not Valid After : Tue Mar 30 09:33:18 2032
# Fingerprint (SHA-256): 0A:3C:80:4A:CF:2E:70:22:3E:22:2D:65:99:EB:78:8D:CC:A3:EE:CC:F7:F2:66:7C:B3:71:C1:78:AD:07:DB:51
# Fingerprint (SHA1): 4E:87:7A:C0:27:A6:3D:85:14:C0:B4:CB:FA:0F:6F:58:F6:C1:76:96
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "TCI ECDSA ROOT A1"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\116\207\172\300\047\246\075\205\024\300\264\313\372\017\157\130
\366\301\166\226
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\316\230\227\216\027\213\116\066\202\313\342\233\264\216\053\140
END
CKA_ISSUER MULTILINE_OCTAL
\060\034\061\032\060\030\006\003\125\004\003\014\021\124\103\111
\040\105\103\104\123\101\040\122\117\117\124\040\101\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\014\001\336\255\300\336\000\214\031\170\074\172\326
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBVDCB+6ADAgECAgwB3q3A3gCMGXg8etYwCgYIKoZIzj0EAw
IwHDEaMBgGA1UEAwwRVENJIEVDRFNBIFJPT1QgQTEwHhcNMjIw
MzMwMDkzMzE4WhcNMzIwMzMwMDkzMzE4WjAcMRowGAYDVQQDDB
FUQ0kgRUNEU0EgUk9PVCBBMTBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABJni7LJT4Gj86pG0s9wOefWgqgp/EGf4ZcSxNgAJfh
cl6WYNoWaZfflki4Rd0VzAJgbaTSW26zuv2mGM61txD96jIzAh
MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCC
qGSM49BAMCA0gAMEUCIDKjKPoaZrqtljmuy60G1PYINvR3A1eL
OzT4RfhGBTrBAiEAhJL7IeLDbo2eZAIp4zioaIpo1hVyXkABNb
npOTQ9KPs=
-----END CERTIFICATE-----

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBXTCCAQigAwIBAgIMAt6twN4AjBl4PHrWMAwGCCqFAwcBAQ
MCBQAwGzEZMBcGA1UEAwwQVENJIEdPU1QgUk9PVCBBMTAeFw0y
MjAzMzAwOTMzMThaFw0zMjAzMzAwOTMzMThaMBsxGTAXBgNVBA
MMEFRDSSBHT1NUIFJPT1QgQTEwZjAfBggqhQMHAQEBATATBgcq
hQMCAiMBBggqhQMHAQECAgNDAARASiE+O1G5yX8JjIS0RmQ2Im
2FKd0RhbOtdjaoAivB3ywbHLGb6deQBRd/MwLP2IrfIZcVb4QP
5PSYolD/Iu+ExaMjMCEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEw
EB/wQFMAMBAf8wDAYIKoUDBwEBAwIFAANBAOi6Dn7pxa/SSbV6
PsfROEKzsBnX6GGggo9wOELuZKfDYdy88/92yr2Aali+fEje63
XqhHoZExE0CNLoncM3ARc=
-----END CERTIFICATE-----

@ -38,7 +38,7 @@ Name: ca-certificates
Version: 2023.2.60_v7.0.306 Version: 2023.2.60_v7.0.306
# for y-stream, please always use 91 <= release < 100 (91,92,93) # for y-stream, please always use 91 <= release < 100 (91,92,93)
# for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...) # for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...)
Release: 90.1%{?dist}.inferit.1 Release: 90.1%{?dist}.inferit.2
License: Public Domain License: Public Domain
URL: https://fedoraproject.org/wiki/CA-Certificates URL: https://fedoraproject.org/wiki/CA-Certificates
@ -65,6 +65,10 @@ Source18: README.src
# Russian Ministry of Digital Development and Communications # Russian Ministry of Digital Development and Communications
Source90: rootca_ssl_rsa2022.cer Source90: rootca_ssl_rsa2022.cer
Source91: rootca_ssl_rsa2022.cer.detached.sig Source91: rootca_ssl_rsa2022.cer.detached.sig
# TCI ECSDA ROOT A1
Source92: ecdsa-a1.crt
# TCI GOST ROOT A1
Source93: gost-a1.crt
BuildArch: noarch BuildArch: noarch
@ -267,6 +271,9 @@ ln -s %{catrustdir}/extracted/%{java_bundle} \
# Russian Ministry of Digital Development and Communications # Russian Ministry of Digital Development and Communications
install -m 644 %{SOURCE90} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/ install -m 644 %{SOURCE90} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/
install -m 644 %{SOURCE91} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/ install -m 644 %{SOURCE91} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/
# TCI ECDSA and GOST root certificates
install -m 644 %{SOURCE92} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/
install -m 644 %{SOURCE93} $RPM_BUILD_ROOT%{catrustdir}/source/anchors/
%pre %pre
if [ $1 -gt 1 ] ; then if [ $1 -gt 1 ] ; then
@ -361,6 +368,8 @@ fi
%{catrustdir}/source/anchors/rootca_ssl_rsa2022.cer %{catrustdir}/source/anchors/rootca_ssl_rsa2022.cer
%{catrustdir}/source/anchors/rootca_ssl_rsa2022.cer.detached.sig %{catrustdir}/source/anchors/rootca_ssl_rsa2022.cer.detached.sig
%{catrustdir}/source/anchors/ecdsa-a1.crt
%{catrustdir}/source/anchors/gost-a1.crt
%config(noreplace) %{catrustdir}/ca-legacy.conf %config(noreplace) %{catrustdir}/ca-legacy.conf
@ -405,6 +414,9 @@ fi
%changelog %changelog
* Tue Jul 09 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 2023.2.60_v7.0.306-90.1.inferit.2
- Added TCI ECDSA and GOST root certificates
* Thu Sep 21 2023 Arkady L. Shane <tigro@msvsphere.ru> - 2023.2.60_v7.0.306-90.1.inferit.1 * Thu Sep 21 2023 Arkady L. Shane <tigro@msvsphere.ru> - 2023.2.60_v7.0.306-90.1.inferit.1
- place MDDC certificates to /etc/pki/ca-trust/source/anchors - place MDDC certificates to /etc/pki/ca-trust/source/anchors

Loading…
Cancel
Save