Skip to content

Commit 092706c

Browse files
nornagonnornagon
authored
1 parent 13ed82a commit 092706c

5 files changed

+2606
-0
lines changed

patches/node/.patches

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,3 +43,7 @@ fsevents-regression-in-watching.patch
4343
build_bring_back_node_with_ltcg_configuration.patch
4444
fix_uv_fs_mkdir_for_invalid_names.patch
4545
win-fix-uv_spawn-ENOMEM-on-empty-env.patch
46+
tools_update_certdata_txt_to_nss_3_47.patch
47+
crypto_update_root_certificates_to_nss_3_47.patch
48+
tools_update_certdata_txt_to_nss_3_53.patch
49+
crypto_update_root_certificates_to_nss_3_53.patch

patches/node/crypto_update_root_certificates_to_nss_3_47.patch

Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: AshCripps <Ashley.Cripps@ibm.com>
3+
Date: Thu, 31 Oct 2019 11:15:07 +0000
4+
Subject: crypto: update root certificates to NSS 3.47
5+
6+
Update the list of root certificates in src/node_root_certs.h with
7+
tools/mk-ca-bundle.pl.
8+
9+
Certificates added:
10+
11+
Certificates removed:
12+
- Certplus Class 2 Primary CA
13+
- Deutsche Telekom Root CA 2
14+
15+
PR-URL: https://github.com/nodejs/node/pull/30195
16+
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
17+
Reviewed-By: David Carlier <devnexen@gmail.com>
18+
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
19+
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
20+
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
21+
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
22+
23+
diff --git a/src/node_root_certs.h b/src/node_root_certs.h
24+
index a5032d645202fde30c3e9076e842b7644ec6e48a..bc08910c77ad4c9d1121614aa9b97eed0433175c 100644
25+
--- a/src/node_root_certs.h
26+
+++ b/src/node_root_certs.h
27+
@@ -574,27 +574,6 @@
28+
"yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K\n"
29+
"-----END CERTIFICATE-----",
30+
31+
-/* Certplus Class 2 Primary CA */
32+
-"-----BEGIN CERTIFICATE-----\n"
33+
-"MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkG\n"
34+
-"A1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkg\n"
35+
-"Q0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8G\n"
36+
-"A1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZI\n"
37+
-"hvcNAQEBBQADggEPADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxv\n"
38+
-"c0NXYKwzCkTsA18cgCSR5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLR\n"
39+
-"YE2+L0ER4/YXJQyLkcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v\n"
40+
-"0lPubNCdEgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas\n"
41+
-"H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC\n"
42+
-"40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNV\n"
43+
-"HQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQw\n"
44+
-"MC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29tL0NSTC9jbGFzczIuY3JsMA0GCSqG\n"
45+
-"SIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5t\n"
46+
-"n9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabg\n"
47+
-"lZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW\n"
48+
-"2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB\n"
49+
-"kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7l7+ijrRU\n"
50+
-"-----END CERTIFICATE-----",
51+
-
52+
/* DST Root CA X3 */
53+
"-----BEGIN CERTIFICATE-----\n"
54+
"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYD\n"
55+
@@ -904,28 +883,6 @@
56+
"vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==\n"
57+
"-----END CERTIFICATE-----",
58+
59+
-/* Deutsche Telekom Root CA 2 */
60+
-"-----BEGIN CERTIFICATE-----\n"
61+
-"MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UE\n"
62+
-"ChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRl\n"
63+
-"cjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAw\n"
64+
-"WhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVs\n"
65+
-"ZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1\n"
66+
-"dHNjaGUgVGVsZWtvbSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n"
67+
-"AQCrC6M14IspFLEUha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1c\n"
68+
-"Os7TuKhCQN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr\n"
69+
-"rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1\n"
70+
-"Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFh\n"
71+
-"mHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0G\n"
72+
-"A1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB\n"
73+
-"/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f7\n"
74+
-"6Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSY\n"
75+
-"SKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juw\n"
76+
-"zTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+\n"
77+
-"xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mUCm26OWMo\n"
78+
-"hpLzGITY+9HPBVZkVw==\n"
79+
-"-----END CERTIFICATE-----",
80+
-
81+
/* Cybertrust Global Root */
82+
"-----BEGIN CERTIFICATE-----\n"
83+
"MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMP\n"

patches/node/crypto_update_root_certificates_to_nss_3_53.patch

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,65 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: AshCripps <Ashley.Cripps@ibm.com>
3+
Date: Mon, 1 Jun 2020 13:34:20 +0100
4+
Subject: crypto: update root certificates to NSS 3.53
5+
MIME-Version: 1.0
6+
Content-Type: text/plain; charset=UTF-8
7+
Content-Transfer-Encoding: 8bit
8+
9+
Update the list of root certificates in src/node_root_certs.h with
10+
tools/mk-ca-bundle.pl.
11+
12+
Certificates added:
13+
Entrust Root Certification Authority - G4
14+
15+
Certificates removed:
16+
17+
PR-URL: https://github.com/nodejs/node/pull/33682
18+
Reviewed-By: James M Snell <jasnell@gmail.com>
19+
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
20+
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
21+
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
22+
23+
diff --git a/src/node_root_certs.h b/src/node_root_certs.h
24+
index bc08910c77ad4c9d1121614aa9b97eed0433175c..f8e84e7d231e33736a798c2fd344566df2d2c6a6 100644
25+
--- a/src/node_root_certs.h
26+
+++ b/src/node_root_certs.h
27+
@@ -3421,4 +3421,38 @@
28+
"qp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7\n"
29+
"UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEGmpv0\n"
30+
"-----END CERTIFICATE-----",
31+
+
32+
+/* Entrust Root Certification Authority - G4 */
33+
+"-----BEGIN CERTIFICATE-----\n"
34+
+"MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJ\n"
35+
+"BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVu\n"
36+
+"dHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMu\n"
37+
+"IC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0\n"
38+
+"aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDEx\n"
39+
+"Nlowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9T\n"
40+
+"ZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRy\n"
41+
+"dXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg\n"
42+
+"Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOC\n"
43+
+"Ag8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJT\n"
44+
+"meH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3ET+iq4qA7ec2/a0My3dl0ELn3\n"
45+
+"9GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1\n"
46+
+"NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc\n"
47+
+"0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh64\n"
48+
+"3IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmO\n"
49+
+"eX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm\n"
50+
+"nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8dWbrAuMI\n"
51+
+"NClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mWHv0l\n"
52+
+"iqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T\n"
53+
+"AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6\n"
54+
+"sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ\n"
55+
+"9POrYs4QjbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5\n"
56+
+"ZDIBf9PD3Vht7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0g\n"
57+
+"kLpHZPt/B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI\n"
58+
+"AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS\n"
59+
+"02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m\n"
60+
+"9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLl\n"
61+
+"YsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuI\n"
62+
+"jnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh\n"
63+
+"7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==\n"
64+
+"-----END CERTIFICATE-----",
65+
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

0 commit comments

Comments
 (0)