New set of CA certificates is in cacert.pem, used only on Windows.
These CA certificates were copied from debian ca-certificates, which uses certificates from Mozilla's trust store. spi CA certificate has be removed, no server in xmpp.net list uses this CA certificate. https://xmpp.net/directory.php I have removed these CA certificates with 1024-bit RSA public keys, because Mozilla is planning to remove them in Q1 2014 : Digital_Signature_Trust_Co._Global_CA_1.crt Digital_Signature_Trust_Co._Global_CA_3.crt Entrust.net_Secure_Server_CA.crt Equifax_Secure_CA.crt Equifax_Secure_eBusiness_CA_1.crt Equifax_Secure_Global_eBusiness_CA.crt GTE_CyberTrust_Global_Root.crt NetLock_Business_=Class_B=_Root.crt NetLock_Express_=Class_C=_Root.crt RSA_Root_Certificate_1.crt Thawte_Premium_Server_CA.crt Thawte_Server_CA.crt ValiCert_Class_1_VA.crt ValiCert_Class_2_VA.crt Verisign_Class_1_Public_Primary_Certification_Authority.crt Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt Verisign_Class_3_Public_Primary_Certification_Authority.crt Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt See: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ https://wiki.mozilla.org/CA:MD5and1024 I'm also removing TurkTrust CA certificates because of this security incident: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/ TURKTRUST_Certificate_Services_Provider_Root_1.crt TURKTRUST_Certificate_Services_Provider_Root_2007.crt TURKTRUST_Certificate_Services_Provider_Root_2.crt other/cacert.pem is used only on Windows. On Unix platforms use CA certificates installed in /etc/ssl/certs (python-nbxmpp loads CA certificates from /etc/ssl/certs directory) Fixes #7629
Loading
Please register or sign in to comment