From 73800e131b9ed7eb0ebf48b8779e80387cec3bb6 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Jan 04 2013 17:50:54 +0000 Subject: * Fri Jan 04 2013 Paul Wouters - 2012.87-1 - Updated to r1.87 to blacklist mis-issued turktrust CA certs --- diff --git a/blacklist.txt b/blacklist.txt index 4f31526..b055072 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -24,3 +24,7 @@ "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)" "MITM subCA 1 issued by Trustwave" "MITM subCA 2 issued by Trustwave" + +# From certdata.txt version 1.87 on Fri Jan 4 17:45:13 UTC 2013, added by Mozilla on Dec 29 2012 +"TURKTRUST Mis-issued Intermediate CA 1" +"TURKTRUST Mis-issued Intermediate CA 2" diff --git a/ca-certificates.spec b/ca-certificates.spec index 1aa0041..9b44141 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -15,8 +15,8 @@ Summary: The Mozilla CA root certificate bundle Name: ca-certificates -Version: 2012.86 -Release: 2%{?dist} +Version: 2012.87 +Release: 1%{?dist} License: Public Domain Group: System Environment/Base URL: http://www.mozilla.org/ @@ -122,6 +122,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/ssl/certs %changelog +* Fri Jan 04 2013 Paul Wouters - 2012.87-1 +- Updated to r1.87 to blacklist mis-issued turktrust CA certs + * Wed Oct 24 2012 Paul Wouters - 2012.86-2 - Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?) - Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED diff --git a/certdata.txt b/certdata.txt index 56b0a3e..30edd79 100644 --- a/certdata.txt +++ b/certdata.txt @@ -2,7 +2,7 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.86 $ $Date: 2012/10/18 16:26:52 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date: 2012/12/29 16:32:45 $" # # certdata.txt 
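Review bot: The two entries added to blacklist.txt identify the distrusted certificates by label only, a free-text string that cannot be checked against a certificate in hand. The matching records this commit adds to certdata.txt carry the serial numbers and SHA-1 fingerprints, so I would add them as comments on their own lines, in the style of the existing `# From certdata.txt` line: `# serial 0x827, SHA1 C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1` above CA 1 and `# serial 0x864, SHA1 F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB` above CA 2. Those certdata.txt records are trust-only objects keyed on issuer and serial, with no certificate body. Presumably only consumers that read the NSS trust records will reject these intermediates, since a PEM bundle extracted from the file has nothing to omit for them; the script that reads blacklist.txt is not shown here, so this should be confirmed and stated in the comment.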
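Review bot: The new %changelog entry in ca-certificates.spec mentions only the blacklisting, but the certdata.txt hunk at -24424 in this commit also deletes the root "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" (serial 0x1). Its trust record granted CKT_NSS_TRUSTED_DELEGATOR for server authentication and code signing, so removing it changes which chains validate on updated systems, and administrators reading the changelog should be told. Assuming the removal comes from upstream r1.87, a second line such as `- Removed TURKTRUST root (SHA1 F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33) per certdata.txt r1.87` would cover it. The same omission applies to the commit subject.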
@@ -24424,171 +24424,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -# -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number: 1 (0x1) -# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Tue Dec 25 18:37:19 2007 -# Not Valid After : Fri Dec 22 18:37:19 2017 -# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72 -# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 
-\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234 -\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156 -\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172 -\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261 -\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060 -\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061 -\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071 -\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124 
-\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162 -\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110 -\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143 -\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002 -\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153 -\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303 -\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304 -\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154 -\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237 -\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305 -\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062 -\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357 -\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077 -\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130 -\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352 -\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132 -\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006 -\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217 -\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302 -\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206 -\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177 -\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044 -\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217 -\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050 -\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371 -\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114 -\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252 -\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006 
-\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344 -\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121 -\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026 -\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050 -\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017 -\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210 -\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153 -\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374 -\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271 -\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330 -\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265 -\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032 -\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325 -\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277 -\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031 -\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146 -\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071 -\175 -END - -# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number: 1 (0x1) -# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. 
-# Not Valid Before: Tue Dec 25 18:37:19 2007 -# Not Valid After : Fri Dec 22 18:37:19 2017 -# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72 -# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020 -\210\331\140\063 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151 -\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304 -\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124 -\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141 -\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234 -\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260 -\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151 -\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151 -\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236 -\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060 -\060\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "T-TeleSec GlobalRoot Class 3" # # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE 
@@ -24880,3 +24715,71 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022 +# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +# Serial Number: 2087 (0x827) +# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR +# Not Valid Before: Mon Aug 08 07:07:51 2011 +# Not Valid After : Tue Jul 06 07:07:51 2021 +# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E +# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1" +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\002\010\047 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED 
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022 +# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri +# Serial Number: 2148 (0x864) +# Subject: E=ileti@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR +# Not Valid Before: Mon Aug 08 07:07:51 2011 +# Not Valid After : Thu Aug 05 07:07:51 2021 +# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2 +# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2" +CKA_ISSUER MULTILINE_OCTAL +\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 +\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 +\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 +\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 +\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 +\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 +\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 +\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 +\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 +\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 +\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\002\010\144 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE