From 96dc232fbd7928e9c23da42e770c8b79a2348d86 Mon Sep 17 00:00:00 2001
From: Michael Stapelberg
Date: Thu, 10 Jul 2025 10:58:35 +0200
Subject: x509roots/fallback/bundle: add bundle package to export root certs

Fixes golang/go#69898

Change-Id: Idbb1bbe48016a622414c84a56fe26f48bfe712c8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687155
Reviewed-by: Roland Shoemaker
LUCI-TryBot-Result: Go LUCI
Auto-Submit: Roland Shoemaker
Reviewed-by: Mateusz Poliwczak
---
x509roots/fallback/bundle.der | Bin 154797 -> 0 bytes
x509roots/fallback/bundle.go | 885 -------------------------------
x509roots/fallback/bundle/bundle.der | Bin 0 -> 154797 bytes
x509roots/fallback/bundle/bundle.go | 885 +++++++++++++++++++++++++++++++
x509roots/fallback/bundle/bundle_test.go | 32 ++
x509roots/fallback/bundle/roots.go | 73 +++
x509roots/fallback/bundle/roots_test.go | 18 +
x509roots/fallback/bundle_test.go | 32 --
x509roots/fallback/fallback.go | 68 +--
x509roots/gen_fallback_bundle.go | 6 +-
10 files changed, 1020 insertions(+), 979 deletions(-)
delete mode 100644 x509roots/fallback/bundle.der
delete mode 100644 x509roots/fallback/bundle.go
create mode 100644 x509roots/fallback/bundle/bundle.der
create mode 100644 x509roots/fallback/bundle/bundle.go
create mode 100644 x509roots/fallback/bundle/bundle_test.go
create mode 100644 x509roots/fallback/bundle/roots.go
create mode 100644 x509roots/fallback/bundle/roots_test.go
delete mode 100644 x509roots/fallback/bundle_test.go
diff --git a/x509roots/fallback/bundle.der b/x509roots/fallback/bundle.der
deleted file mode 100644
index 1abf12f..0000000
Binary files a/x509roots/fallback/bundle.der and /dev/null differ
diff --git a/x509roots/fallback/bundle.go b/x509roots/fallback/bundle.go
deleted file mode 100644
index ee99a40..0000000
--- a/x509roots/fallback/bundle.go
+++ /dev/null
@@ -1,885 +0,0 @@ -// Code generated by gen_fallback_bundle.go; DO NOT EDIT. - -package fallback - -var unparsedCertificates = []unparsedCertificate{ - { - cn: "CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS,OU=Ceres,O=FNMT-RCM,C=ES,2.5.4.97=#130f56415445532d51323832363030344a", - sha256Hash: "554153b13d2cf9ddb753bfbe1a4e0ae08d0aa4187058fe60a2b862b2e4b87bcb", - certStartOff: 0, - certLength: 626, - }, - { - cn: "CN=ACCVRAIZ1,OU=PKIACCV,O=ACCV,C=ES", - sha256Hash: "9a6ec012e1a7da9dbe34194d478ad7c0db1822fb071df12981496ed104384113", - certStartOff: 626, - certLength: 2007, - }, - { - cn: "CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT", - sha256Hash: "55926084ec963a64b96e2abe01ce0ba86a64fbfebcc7aab5afc155b37fd76066", - certStartOff: 2633, - certLength: 1471, - }, - { - cn: "CN=AffirmTrust Commercial,O=AffirmTrust,C=US", - sha256Hash: "0376ab1d54c5f9803ce4b2e201a0ee7eef7b57b636e8a93c9b8d4860c96f5fa7", - certStartOff: 4104, - certLength: 848, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=AffirmTrust Networking,O=AffirmTrust,C=US", - sha256Hash: "0a81ec5a929777f145904af38d5d509f66b5e2c58fcdb531058b0e17f3f0b41b", - certStartOff: 4952, - certLength: 848, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US", - sha256Hash: "bd71fdf6da97e4cf62d1647add2581b07d79adf8397eb4ecba9c5e8488821423", - certStartOff: 5800, - certLength: 514, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=AffirmTrust Premium,O=AffirmTrust,C=US", - sha256Hash: "70a73f7f376b60074248904534b11482d5bf0e698ecc498df52577ebf2e93b9a", - certStartOff: 6314, - certLength: 1354, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=Amazon Root CA 1,O=Amazon,C=US", - sha256Hash: "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e", - certStartOff: 7668, - certLength: 837, - }, - { - cn: "CN=Amazon Root CA 2,O=Amazon,C=US", - sha256Hash: 
"1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4", - certStartOff: 8505, - certLength: 1349, - }, - { - cn: "CN=Amazon Root CA 3,O=Amazon,C=US", - sha256Hash: "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4", - certStartOff: 9854, - certLength: 442, - }, - { - cn: "CN=Amazon Root CA 4,O=Amazon,C=US", - sha256Hash: "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092", - certStartOff: 10296, - certLength: 502, - }, - { - cn: "CN=Atos TrustedRoot 2011,O=Atos,C=DE", - sha256Hash: "f356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474", - certStartOff: 10798, - certLength: 891, - }, - { - cn: "CN=Atos TrustedRoot Root CA ECC TLS 2021,O=Atos,C=DE", - sha256Hash: "b2fae53e14ccd7ab9212064701ae279c1d8988facb775fa8a008914e663988a8", - certStartOff: 11689, - certLength: 537, - }, - { - cn: "CN=Atos TrustedRoot Root CA RSA TLS 2021,O=Atos,C=DE", - sha256Hash: "81a9088ea59fb364c548a6f85559099b6f0405efbf18e5324ec9f457ba00112f", - certStartOff: 12226, - certLength: 1384, - }, - { - cn: "CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES", - sha256Hash: "57de0583efd2b26e0361da99da9df4648def7ee8441c3b728afa9bcde0f9b26a", - certStartOff: 13610, - certLength: 1560, - }, - { - cn: "CN=BJCA Global Root CA1,O=BEIJING CERTIFICATE AUTHORITY,C=CN", - sha256Hash: "f3896f88fe7c0a882766a7fa6ad2749fb57a7f3e98fb769c1fa7b09c2c44d5ae", - certStartOff: 15170, - certLength: 1400, - }, - { - cn: "CN=BJCA Global Root CA2,O=BEIJING CERTIFICATE AUTHORITY,C=CN", - sha256Hash: "574df6931e278039667b720afdc1600fc27eb66dd3092979fb73856487212882", - certStartOff: 16570, - certLength: 553, - }, - { - cn: "CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO", - sha256Hash: "9a114025197c5bb95d94e63d55cd43790847b646b23cdf11ada4a00eff15fb48", - certStartOff: 17123, - certLength: 1373, - }, - { - cn: "CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO", - sha256Hash: "edf7ebbca27a2a384d387b7d4010c666e2edb4843e4c29b4ae1d5b9332e6b24d", 
- certStartOff: 18496, - certLength: 1373, - }, - { - cn: "CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK", - sha256Hash: "e23d4a036d7b70e9f595b1422079d2b91edfbb1fb651a0633eaa8a9dc5f80703", - certStartOff: 19869, - certLength: 1389, - }, - { - cn: "CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN", - sha256Hash: "5cc3d78e4e1d5e45547a04e6873e64f90cf9536d1ccc2ef800f355c4c5fd70fd", - certStartOff: 21258, - certLength: 1425, - }, - { - cn: "CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", - sha256Hash: "0c2cd63df7806fa399ede809116b575bf87989f06518f9808c860503178baf66", - certStartOff: 22683, - certLength: 1057, - }, - { - cn: "CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", - sha256Hash: "1793927a0614549789adce2f8f34f7f0b66d0f3ae3a3b84d21ec15dbba4fadc7", - certStartOff: 23740, - certLength: 653, - }, - { - cn: "CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", - sha256Hash: "52f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234", - certStartOff: 24393, - certLength: 1500, - }, - { - cn: "CN=Certainly Root E1,O=Certainly,C=US", - sha256Hash: "b4585f22e4ac756a4e8612a1361c5d9d031a93fd84febb778fa3068b0fc42dc2", - certStartOff: 25893, - certLength: 507, - }, - { - cn: "CN=Certainly Root R1,O=Certainly,C=US", - sha256Hash: "77b82cd8644c4305f7acc5cb156b45675004033d51c60c6202a8e0c33467d3a0", - certStartOff: 26400, - certLength: 1355, - }, - { - cn: "CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR", - sha256Hash: "d48d3d23eedb50a459e55197601c27774b9d7b18c94d5a059511a10250b93168", - certStartOff: 27755, - certLength: 1631, - }, - { - cn: "CN=Certigna,O=Dhimyotis,C=FR", - sha256Hash: "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d", - certStartOff: 29386, - certLength: 940, - }, - { - cn: "CN=Certum EC-384 CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL", - 
sha256Hash: "6b328085625318aa50d173c98d8bda09d57e27413d114cf787a0f5d06c030cf6", - certStartOff: 30326, - certLength: 617, - }, - { - cn: "CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL", - sha256Hash: "b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b804", - certStartOff: 30943, - certLength: 1494, - }, - { - cn: "CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL", - sha256Hash: "5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e", - certStartOff: 32437, - certLength: 959, - }, - { - cn: "CN=Certum Trusted Root CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL", - sha256Hash: "fe7696573855773e37a95e7ad4d9cc96c30157c15d31765ba9b15704e1ae78fd", - certStartOff: 33396, - certLength: 1476, - }, - { - cn: "CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US", - sha256Hash: "11437cda7bb45e41365f45b39a38986b0de00def348e0c7bb0873633800bc38b", - certStartOff: 34872, - certLength: 545, - }, - { - cn: "CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US", - sha256Hash: "2ffb7f813bbbb3c89ab4e8162d0f16d71509a830cc9d73c262e5140875d1ad4a", - certStartOff: 35417, - certLength: 544, - }, - { - cn: "CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US", - sha256Hash: "02bdf96e2a45dd9bf18fc7e1dbdf21a0379ba3c9c2610344cfd8d606fec1ed81", - certStartOff: 35961, - certLength: 1392, - }, - { - cn: "CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US", - sha256Hash: "ffe943d793424b4f7c440c1c3d648d5363f34b82dc87aa7a9f118fc5dee101f1", - certStartOff: 37353, - certLength: 1392, - }, - { - cn: "CN=D-TRUST BR Root CA 1 2020,O=D-Trust GmbH,C=DE", - sha256Hash: "e59aaa816009c22bff5b25bad37df306f049797c1f81d85ab089e657bd8f0044", - certStartOff: 38745, - certLength: 735, - }, - { - cn: "CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE", - sha256Hash: "0552e6f83fdf65e8fa9670e666df28a4e21340b510cbe52566f97c4fb94b2bd1", - certStartOff: 39480, - 
certLength: 1453, - }, - { - cn: "CN=D-TRUST EV Root CA 1 2020,O=D-Trust GmbH,C=DE", - sha256Hash: "08170d1aa36453901a2f959245e347db0c8d37abaabc56b81aa100dc958970db", - certStartOff: 40933, - certLength: 735, - }, - { - cn: "CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE", - sha256Hash: "8e8221b2e7d4007836a1672f0dcc299c33bc07d316f132fa1a206d587150f1ce", - certStartOff: 41668, - certLength: 1453, - }, - { - cn: "CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE", - sha256Hash: "49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1", - certStartOff: 43121, - certLength: 1079, - }, - { - cn: "CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE", - sha256Hash: "eec5496b988ce98625b934092eec2908bed0b0f316c2d4730c84eaf1f3d34881", - certStartOff: 44200, - certLength: 1095, - }, - { - cn: "CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "3e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c", - certStartOff: 45295, - certLength: 955, - }, - { - cn: "CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "7d05ebb682339f8c9451ee094eebfefa7953a114edb2f44949452fab7d2fc185", - certStartOff: 46250, - certLength: 922, - }, - { - cn: "CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "7e37cb8b4c47090cab36551ba6f45db840680fba166a952db100717f43053fc2", - certStartOff: 47172, - certLength: 586, - }, - { - cn: "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161", - certStartOff: 47758, - certLength: 947, - }, - { - cn: "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f", - certStartOff: 48705, - certLength: 914, - }, - { - cn: "CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: 
"31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0", - certStartOff: 49619, - certLength: 579, - }, - { - cn: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf", - certStartOff: 50198, - certLength: 969, - }, - { - cn: "CN=DigiCert TLS ECC P384 Root G5,O=DigiCert\\, Inc.,C=US", - sha256Hash: "018e13f0772532cf809bd1b17281867283fc48c6e13be9c69812854a490c1b05", - certStartOff: 51167, - certLength: 541, - }, - { - cn: "CN=DigiCert TLS RSA4096 Root G5,O=DigiCert\\, Inc.,C=US", - sha256Hash: "371a00dc0533b3721a7eeb40e8419e70799d2b0a0f2c1d80693165f7cec4ad75", - certStartOff: 51708, - certLength: 1386, - }, - { - cn: "CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US", - sha256Hash: "552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988", - certStartOff: 53094, - certLength: 1428, - }, - { - cn: "CN=Entrust Root Certification Authority - EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust\\, Inc. - for authorized use only,O=Entrust\\, Inc.,C=US", - sha256Hash: "02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5", - certStartOff: 54522, - certLength: 765, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\\, Inc. 
- for authorized use only,O=Entrust\\, Inc.,C=US", - sha256Hash: "43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339", - certStartOff: 55287, - certLength: 1090, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust\\, Inc.,O=Entrust\\, Inc.,C=US", - sha256Hash: "73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c", - certStartOff: 56377, - certLength: 1173, - distrustAfter: "2024-11-30T23:59:59Z", - }, - { - cn: "CN=FIRMAPROFESIONAL CA ROOT-A WEB,O=Firmaprofesional SA,C=ES,2.5.4.97=#130f56415445532d413632363334303638", - sha256Hash: "bef256daf26e9c69bdec1602359798f3caf71821a03e018257c53c65617f3d4a", - certStartOff: 57550, - certLength: 638, - }, - { - cn: "CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\\,LTD.,C=CN", - sha256Hash: "bfff8fd04433487d6a8aa60c1a29767a9fc2bbb05e420f713a13b992891d3893", - certStartOff: 58188, - certLength: 1420, - }, - { - cn: "CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT", - sha256Hash: "9a296a5182d1d451a2e37f439b74daafa267523329f90f9a0d2007c334e23c9a", - certStartOff: 59608, - certLength: 1414, - distrustAfter: "2024-06-30T00:00:00Z", - }, - { - cn: "CN=GTS Root R1,O=Google Trust Services LLC,C=US", - sha256Hash: "d947432abde7b7fa90fc2e6b59101b1280e0e1c7e4e40fa3c6887fff57a7f4cf", - certStartOff: 61022, - certLength: 1371, - }, - { - cn: "CN=GTS Root R2,O=Google Trust Services LLC,C=US", - sha256Hash: "8d25cd97229dbf70356bda4eb3cc734031e24cf00fafcfd32dc76eb5841c7ea8", - certStartOff: 62393, - certLength: 1371, - }, - { - cn: "CN=GTS Root R3,O=Google Trust Services LLC,C=US", - sha256Hash: "34d8a73ee208d9bcdb0d956520934b4e40e69482596e8b6f73c8426b010a6f48", - certStartOff: 63764, - certLength: 525, - }, - { - cn: "CN=GTS Root R4,O=Google Trust Services LLC,C=US", - sha256Hash: "349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d", - certStartOff: 64289, - 
certLength: 525, - }, - { - cn: "CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE", - sha256Hash: "cbb9c44d84b8043e1050ea31a69f514955d7bfd2e2c6b49301019ad61d9f5058", - certStartOff: 64814, - certLength: 527, - }, - { - cn: "CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE", - sha256Hash: "4fa3126d8d3a11d1c4855a4f807cbad6cf919d3a5a88b03bea2c6372d93c40c9", - certStartOff: 65341, - certLength: 1374, - }, - { - cn: "CN=GlobalSign,OU=GlobalSign ECC Root CA - R4,O=GlobalSign", - sha256Hash: "b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2", - certStartOff: 66715, - certLength: 480, - }, - { - cn: "CN=GlobalSign,OU=GlobalSign ECC Root CA - R5,O=GlobalSign", - sha256Hash: "179fbc148a3dd00fd24ea13458cc43bfa7f59c8182d783a513f6ebec100c8924", - certStartOff: 67195, - certLength: 546, - }, - { - cn: "CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign", - sha256Hash: "cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b", - certStartOff: 67741, - certLength: 867, - }, - { - cn: "CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign", - sha256Hash: "2cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69", - certStartOff: 68608, - certLength: 1415, - }, - { - cn: "CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\\, Inc.,L=Scottsdale,ST=Arizona,C=US", - sha256Hash: "45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda", - certStartOff: 70023, - certLength: 969, - }, - { - cn: "CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR", - sha256Hash: "3f99cc474acfce4dfed58794665e478d1547739f2e780f1bb4ca9b133097d401", - certStartOff: 70992, - certLength: 600, - }, - { - cn: "CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR", - sha256Hash: "d95d0e8eda79525bf9beb11b14d2100d3294985f0c62d9fabd9cd999eccb7b1d", - certStartOff: 71592, - certLength: 1448, - }, - { - cn: "CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research 
Institutions Cert. Authority,L=Athens,C=GR", - sha256Hash: "44b545aa8a25e65a73ca15dc27fc36d24c1cb9953a066539b11582dc487b4833", - certStartOff: 73040, - certLength: 711, - }, - { - cn: "CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR", - sha256Hash: "a040929a02ce53b4acf4f2ffc6981ce4496f755e6d45fe0b2a692bcd52523f36", - certStartOff: 73751, - certLength: 1551, - }, - { - cn: "CN=HiPKI Root CA - G1,O=Chunghwa Telecom Co.\\, Ltd.,C=TW", - sha256Hash: "f015ce3cc239bfef064be9f1d2c417e1a0264a0a94be1f0c8d121864eb6949cc", - certStartOff: 75302, - certLength: 1390, - }, - { - cn: "CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK", - sha256Hash: "5a2fc03f0c83b090bbfa40604b0988446c7636183df9846e17101a447fb8efd6", - certStartOff: 76692, - certLength: 1491, - }, - { - cn: "CN=ISRG Root X1,O=Internet Security Research Group,C=US", - sha256Hash: "96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6", - certStartOff: 78183, - certLength: 1391, - }, - { - cn: "CN=ISRG Root X2,O=Internet Security Research Group,C=US", - sha256Hash: "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470", - certStartOff: 79574, - certLength: 543, - }, - { - cn: "CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US", - sha256Hash: "5d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae", - certStartOff: 80117, - certLength: 1380, - }, - { - cn: "CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US", - sha256Hash: "30d0895a9a448a262091635522d1f52010b5867acae12c78ef958fd4f4389f2f", - certStartOff: 81497, - certLength: 1386, - }, - { - cn: "CN=Izenpe.com,O=IZENPE S.A.,C=ES", - sha256Hash: "2530cc8e98321502bad96f9b1fba1b099e2d299e0f4548bb914f363bc0d4531f", - certStartOff: 82883, - certLength: 1525, - }, - { - cn: "CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU,1.2.840.113549.1.9.1=#0c10696e666f40652d737a69676e6f2e6875", - sha256Hash: 
"3c5f81fea5fab82c64bfa2eaecafcde8e077fc8620a7cae537163df36edbf378", - certStartOff: 84408, - certLength: 1038, - }, - { - cn: "CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US", - sha256Hash: "358df39d764af9e1b766e9c972df352ee15cfac227af6ad1d70e8e4a6edcba02", - certStartOff: 85446, - certLength: 605, - }, - { - cn: "CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US", - sha256Hash: "c741f70f4b2a8d88bf2e71c14122ef53ef10eba0cfa5e64cfa20f418853073e0", - certStartOff: 86051, - certLength: 1452, - }, - { - cn: "CN=NAVER Global Root Certification Authority,O=NAVER BUSINESS PLATFORM Corp.,C=KR", - sha256Hash: "88f438dcf8ffd1fa8f429115ffe5f82ae1e06e0c70c375faad717b34a49e7265", - certStartOff: 87503, - certLength: 1446, - }, - { - cn: "CN=NetLock Arany (Class Gold) Főtanúsítvány,OU=Tanúsítványkiadók (Certification Services),O=NetLock Kft.,L=Budapest,C=HU", - sha256Hash: "6c61dac3a2def031506be036d2a6fe401994fbd13df9c8d466599274c446ec98", - certStartOff: 88949, - certLength: 1049, - }, - { - cn: "CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH", - sha256Hash: "6b9c08e86eb0f767cfad65cd98b62149e5494a67f5845e7bd1ed019f27b86bd6", - certStartOff: 89998, - certLength: 953, - }, - { - cn: "CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH", - sha256Hash: "8560f91c3624daba9570b5fea0dbe36ff11a8323be9486854fb3f34a5571198d", - certStartOff: 90951, - certLength: 621, - }, - { - cn: "CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM", - sha256Hash: "8a866fd1b276b57e578e921c65828a2bed58e9f2f288054134b7f1f4bfc9cc74", - certStartOff: 91572, - certLength: 1380, - }, - { - cn: "CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM", - sha256Hash: "8fe4fb0af93a4d0d67db0bebb23e37c71bf325dcbcdd240ea04daf58b47e1840", - certStartOff: 92952, - certLength: 1380, - }, - { - cn: "CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM", - sha256Hash: 
"85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86", - certStartOff: 94332, - certLength: 1467, - }, - { - cn: "CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM", - sha256Hash: "88ef81de202eb018452e43f864725cea5fbd1fc2d9d205730709c5d8b8690f46", - certStartOff: 95799, - certLength: 1380, - }, - { - cn: "CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM", - sha256Hash: "18f1fc7f205df8adddeb7fe007dd57e3af375a9c4d8d73546bf4f1fed1e18d35", - certStartOff: 97179, - certLength: 1697, - }, - { - cn: "CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US", - sha256Hash: "22a2c1f7bded704cc1e701b5f408c310880fe956b5de2a4a44f99c873a25a7c8", - certStartOff: 98876, - certLength: 664, - }, - { - cn: "CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US", - sha256Hash: "2e7bf16cc22485a7bbe2aa8696750761b0ae39be3b2fe9d0cc6d4ef73491425c", - certStartOff: 99540, - certLength: 1519, - }, - { - cn: "CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US", - sha256Hash: "3417bb06cc6007da1b961c920b8ab4ce3fad820e4aa30b9acbc4a74ebdcebc65", - certStartOff: 101059, - certLength: 657, - }, - { - cn: "CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US", - sha256Hash: "85666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69", - certStartOff: 101716, - certLength: 1505, - }, - { - cn: "CN=SSL.com TLS ECC Root CA 2022,O=SSL Corporation,C=US", - sha256Hash: "c32ffd9f46f936d16c3673990959434b9ad60aafbb9e7cf33654f144cc1ba143", - certStartOff: 103221, - certLength: 574, - }, - { - cn: "CN=SSL.com TLS RSA Root CA 2022,O=SSL Corporation,C=US", - sha256Hash: "8faf7d2e2cb4709bb8e0b33666bf75a5dd45b5de480f8ea8d4bfe6bebc17f2ed", - certStartOff: 103795, - certLength: 1421, - }, - { - cn: "CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL", - sha256Hash: "a1339d33281a0b56e557d3d32b1ce7f9367eb094bd5fa72a7e5004c8ded7cafe", - certStartOff: 105216, - 
certLength: 886, - }, - { - cn: "CN=Sectigo Public Server Authentication Root E46,O=Sectigo Limited,C=GB", - sha256Hash: "c90f26f0fb1b4018b22227519b5ca2b53e2ca5b3be5cf18efe1bef47380c5383", - certStartOff: 106102, - certLength: 574, - }, - { - cn: "CN=Sectigo Public Server Authentication Root R46,O=Sectigo Limited,C=GB", - sha256Hash: "7bb647a62aeeac88bf257aa522d01ffea395e0ab45c73f93f65654ec38f25a06", - certStartOff: 106676, - certLength: 1422, - }, - { - cn: "CN=Secure Global CA,O=SecureTrust Corporation,C=US", - sha256Hash: "4200f5043ac8590ebb527d209ed1503029fbcbd41ca1b506ec27f15ade7dac69", - certStartOff: 108098, - certLength: 960, - }, - { - cn: "CN=SecureSign Root CA12,O=Cybertrust Japan Co.\\, Ltd.,C=JP", - sha256Hash: "3f034bb5704d44b2d08545a02057de93ebf3905fce721acbc730c06ddaee904e", - certStartOff: 109058, - certLength: 886, - }, - { - cn: "CN=SecureSign Root CA14,O=Cybertrust Japan Co.\\, Ltd.,C=JP", - sha256Hash: "4b009c1034494f9ab56bba3ba1d62731fc4d20d8955adcec10a925607261e338", - certStartOff: 109944, - certLength: 1398, - }, - { - cn: "CN=SecureSign Root CA15,O=Cybertrust Japan Co.\\, Ltd.,C=JP", - sha256Hash: "e778f0f095fe843729cd1a0082179e5314a9c291442805e1fb1d8fb6b8886c3a", - certStartOff: 111342, - certLength: 551, - }, - { - cn: "CN=SecureTrust CA,O=SecureTrust Corporation,C=US", - sha256Hash: "f1c1b50ae5a20dd8030ec9f6bc24823dd367b5255759b4e71b61fce9f7375d73", - certStartOff: 111893, - certLength: 956, - }, - { - cn: "CN=Security Communication ECC RootCA1,O=SECOM Trust Systems CO.\\,LTD.,C=JP", - sha256Hash: "e74fbda55bd564c473a36b441aa799c8a68e077440e8288b9fa1e50e4bbaca11", - certStartOff: 112849, - certLength: 572, - }, - { - cn: "CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US", - sha256Hash: "2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5", - certStartOff: 113421, - certLength: 993, - }, - { - cn: "CN=Starfield Services Root Certificate Authority - G2,O=Starfield 
Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US", - sha256Hash: "568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab5", - certStartOff: 114414, - certLength: 1011, - }, - { - cn: "CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH", - sha256Hash: "62dd0be9b9f50a163ea0f8e75c053b1eca57ea55c8688f647c6881f2c8357b95", - certStartOff: 115425, - certLength: 1470, - }, - { - cn: "CN=SwissSign RSA TLS Root CA 2022 - 1,O=SwissSign AG,C=CH", - sha256Hash: "193144f431e0fddb740717d4de926a571133884b4360d30e272913cbe660ce41", - certStartOff: 116895, - certLength: 1431, - }, - { - cn: "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE", - sha256Hash: "91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552", - certStartOff: 118326, - certLength: 967, - }, - { - cn: "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE", - sha256Hash: "fd73dad31c644ff1b43bef0ccdda96710b9cd9875eca7e31707af3e96d522bbd", - certStartOff: 119293, - certLength: 967, - }, - { - cn: "CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW", - sha256Hash: "3f63bb2814be174ec8b6439cf08d6d56f0b7c405883a5648a334424d6b3ec558", - certStartOff: 120260, - certLength: 1425, - }, - { - cn: "CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW", - sha256Hash: "59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b", - certStartOff: 121685, - certLength: 1349, - }, - { - cn: "CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW", - sha256Hash: "bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44", - certStartOff: 123034, - certLength: 895, - }, - { - cn: "CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE", - sha256Hash: "578af4ded0853f4e5998db4aeaf9cbea8d945f60b620a38d1a3c13b2bc7ba8e1", - certStartOff: 123929, - certLength: 582, - }, - { - cn: "CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE", - sha256Hash: 
"efc65cadbb59adb6efe84da22311b35624b71b3b1ea0da8b6655174ec8978646", - certStartOff: 124511, - certLength: 1463, - }, - { - cn: "CN=Telia Root CA v2,O=Telia Finland Oyj,C=FI", - sha256Hash: "242b69742fcb1e5b2abf98898b94572187544e5b4d9911786573621f6a74b82c", - certStartOff: 125974, - certLength: 1400, - }, - { - cn: "CN=TeliaSonera Root CA v1,O=TeliaSonera", - sha256Hash: "dd6936fe21f8f077c123a1a521c12224f72255b73e03a7260693e8a24b0fa389", - certStartOff: 127374, - certLength: 1340, - }, - { - cn: "CN=TrustAsia Global Root CA G3,O=TrustAsia Technologies\\, Inc.,C=CN", - sha256Hash: "e0d3226aeb1163c2e48ff9be3b50b4c6431be7bb1eacc5c36b5d5ec509039a08", - certStartOff: 128714, - certLength: 1449, - }, - { - cn: "CN=TrustAsia Global Root CA G4,O=TrustAsia Technologies\\, Inc.,C=CN", - sha256Hash: "be4b56cb5056c0136a526df444508daa36a0b54f42e4ac38f72af470e479654c", - certStartOff: 130163, - certLength: 601, - }, - { - cn: "CN=TrustAsia TLS ECC Root CA,O=TrustAsia Technologies\\, Inc.,C=CN", - sha256Hash: "c0076b9ef0531fb1a656d67c4ebe97cd5dbaa41ef44598acc2489878c92d8711", - certStartOff: 130764, - certLength: 565, - }, - { - cn: "CN=TrustAsia TLS RSA Root CA,O=TrustAsia Technologies\\, Inc.,C=CN", - sha256Hash: "06c08d7dafd876971eb1124fe67f847ec0c7a158d3ea53cbe940e2ea9791f4c3", - certStartOff: 131329, - certLength: 1412, - }, - { - cn: "CN=Trustwave Global Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", - sha256Hash: "97552015f5ddfc3c8788c006944555408894450084f100867086bc1a2bb58dc8", - certStartOff: 132741, - certLength: 1502, - }, - { - cn: "CN=Trustwave Global ECC P256 Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", - sha256Hash: "945bbc825ea554f489d1fd51a73ddf2ea624ac7019a05205225c22a78ccfa8b4", - certStartOff: 134243, - certLength: 612, - }, - { - cn: "CN=Trustwave Global ECC P384 Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", - sha256Hash: 
"55903859c8c0c3ebb8759ece4e2557225ff5758bbd38ebd48276601e1bd58097", - certStartOff: 134855, - certLength: 673, - }, - { - cn: "CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN", - sha256Hash: "2e44102ab58cb85419451c8e19d9acf3662cafbc614b6a53960a30f7d0e2eb41", - certStartOff: 135528, - certLength: 1463, - }, - { - cn: "CN=UCA Extended Validation Root,O=UniTrust,C=CN", - sha256Hash: "d43af9b35473755c9684fc06d7d8cb70ee5c28e773fb294eb41ee71722924d24", - certStartOff: 136991, - certLength: 1374, - }, - { - cn: "CN=UCA Global G2 Root,O=UniTrust,C=CN", - sha256Hash: "9bea11c976fe014764c1be56a6f914b5a560317abd9988393382e5161aa0493c", - certStartOff: 138365, - certLength: 1354, - }, - { - cn: "CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", - sha256Hash: "4ff460d54b9c86dabfbcfc5712e0400d2bed3fbc4d4fbdaa86e06adcd2a9ad7a", - certStartOff: 139719, - certLength: 659, - }, - { - cn: "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", - sha256Hash: "e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2", - certStartOff: 140378, - certLength: 1506, - }, - { - cn: "CN=e-Szigno Root CA 2017,O=Microsec Ltd.,L=Budapest,C=HU,2.5.4.97=#130e56415448552d3233353834343937", - sha256Hash: "beb00b30839b9bc32c32e4447905950641f26421b15ed089198b518ae2ea1b99", - certStartOff: 141884, - certLength: 580, - }, - { - cn: "CN=emSign ECC Root CA - C3,OU=emSign PKI,O=eMudhra Inc,C=US", - sha256Hash: "bc4d809b15189d78db3e1d8cf4f9726a795da1643ca5f1358e1ddb0edc0d7eb3", - certStartOff: 142464, - certLength: 559, - }, - { - cn: "CN=emSign ECC Root CA - G3,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN", - sha256Hash: "86a1ecba089c4a8d3bbe2734c612ba341d813e043cf9e8a862cd5c57a36bbe6b", - certStartOff: 143023, - certLength: 594, - }, - { - cn: "CN=emSign Root CA - C1,OU=emSign PKI,O=eMudhra Inc,C=US", - sha256Hash: 
"125609aa301da0a249b97a8239cb6a34216f44dcac9f3954b14292f2e8c8608f", - certStartOff: 143617, - certLength: 887, - }, - { - cn: "CN=emSign Root CA - G1,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN", - sha256Hash: "40f6af0346a99aa1cd1d555a4e9cce62c7f9634603ee406615833dc8c8d00367", - certStartOff: 144504, - certLength: 920, - }, - { - cn: "CN=vTrus ECC Root CA,O=iTrusChina Co.\\,Ltd.,C=CN", - sha256Hash: "30fbba2c32238e2a98547af97931e550428b9b3f1c8eeb6633dcfa86c5b27dd3", - certStartOff: 145424, - certLength: 531, - }, - { - cn: "CN=vTrus Root CA,O=iTrusChina Co.\\,Ltd.,C=CN", - sha256Hash: "8a71de6559336f426c26e53880d00d88a18da4c6a91f0dcb6194e206c5c96387", - certStartOff: 145955, - certLength: 1370, - }, - { - cn: "OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES", - sha256Hash: "ebc5570c29018c4d67b1aa127baf12f703b4611ebc17b7dab5573894179b93fa", - certStartOff: 147325, - certLength: 1415, - }, - { - cn: "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\\,LTD.,C=JP", - sha256Hash: "513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6", - certStartOff: 148740, - certLength: 891, - }, - { - cn: "OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO", - sha256Hash: "657cfe2fa73faa38462571f332a2363a46fce7020951710702cdfbb6eeda3305", - certStartOff: 149631, - certLength: 1355, - }, - { - cn: "OU=certSIGN ROOT CA,O=certSIGN,C=RO", - sha256Hash: "eaa962c4fa4a6bafebe415196d351ccd888d4f53f3fa8ae6d7c466a94e6042bb", - certStartOff: 150986, - certLength: 828, - }, - { - cn: "OU=ePKI Root Certification Authority,O=Chunghwa Telecom Co.\\, Ltd.,C=TW", - sha256Hash: "c0a6f4dc63a24bfdcf54ef2a6a082a0a72de35803e2ff5ff527ae5d87206dfd5", - certStartOff: 151814, - certLength: 1460, - distrustAfter: "2025-04-15T23:59:59Z", - }, - { - cn: "SERIALNUMBER=G63287510,CN=ANF Secure Server Root CA,OU=ANF CA Raiz,O=ANF Autoridad de Certificacion,C=ES", - sha256Hash: "fb8fec759169b9106b1e511644c618c51304373f6c0643088d8beffd1b997599", - certStartOff: 153274, - certLength: 1523, - }, -} 
diff --git a/x509roots/fallback/bundle/bundle.der b/x509roots/fallback/bundle/bundle.der
new file mode 100644
index 0000000..1abf12f
Binary files /dev/null and b/x509roots/fallback/bundle/bundle.der differ
diff --git a/x509roots/fallback/bundle/bundle.go b/x509roots/fallback/bundle/bundle.go
new file mode 100644
index 0000000..be9e857
--- /dev/null
+++ b/x509roots/fallback/bundle/bundle.go
@@ -0,0 +1,885 @@ +// Code generated by gen_fallback_bundle.go; DO NOT EDIT. + +package bundle + +var unparsedCertificates = []unparsedCertificate{ + { + cn: "CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS,OU=Ceres,O=FNMT-RCM,C=ES,2.5.4.97=#130f56415445532d51323832363030344a", + sha256Hash: "554153b13d2cf9ddb753bfbe1a4e0ae08d0aa4187058fe60a2b862b2e4b87bcb", + certStartOff: 0, + certLength: 626, + }, + { + cn: "CN=ACCVRAIZ1,OU=PKIACCV,O=ACCV,C=ES", + sha256Hash: "9a6ec012e1a7da9dbe34194d478ad7c0db1822fb071df12981496ed104384113", + certStartOff: 626, + certLength: 2007, + }, + { + cn: "CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT", + sha256Hash: "55926084ec963a64b96e2abe01ce0ba86a64fbfebcc7aab5afc155b37fd76066", + certStartOff: 2633, + certLength: 1471, + }, + { + cn: "CN=AffirmTrust Commercial,O=AffirmTrust,C=US", + sha256Hash: "0376ab1d54c5f9803ce4b2e201a0ee7eef7b57b636e8a93c9b8d4860c96f5fa7", + certStartOff: 4104, + certLength: 848, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=AffirmTrust Networking,O=AffirmTrust,C=US", + sha256Hash: "0a81ec5a929777f145904af38d5d509f66b5e2c58fcdb531058b0e17f3f0b41b", + certStartOff: 4952, + certLength: 848, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US", + sha256Hash: "bd71fdf6da97e4cf62d1647add2581b07d79adf8397eb4ecba9c5e8488821423", + certStartOff: 5800, + certLength: 514, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=AffirmTrust Premium,O=AffirmTrust,C=US", + sha256Hash: "70a73f7f376b60074248904534b11482d5bf0e698ecc498df52577ebf2e93b9a", + certStartOff: 6314, + certLength: 1354, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=Amazon Root CA 1,O=Amazon,C=US", + sha256Hash: "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e", + certStartOff: 7668, + certLength: 837, + }, + { + cn: "CN=Amazon Root CA 2,O=Amazon,C=US", + sha256Hash: 
"1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4", + certStartOff: 8505, + certLength: 1349, + }, + { + cn: "CN=Amazon Root CA 3,O=Amazon,C=US", + sha256Hash: "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4", + certStartOff: 9854, + certLength: 442, + }, + { + cn: "CN=Amazon Root CA 4,O=Amazon,C=US", + sha256Hash: "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092", + certStartOff: 10296, + certLength: 502, + }, + { + cn: "CN=Atos TrustedRoot 2011,O=Atos,C=DE", + sha256Hash: "f356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474", + certStartOff: 10798, + certLength: 891, + }, + { + cn: "CN=Atos TrustedRoot Root CA ECC TLS 2021,O=Atos,C=DE", + sha256Hash: "b2fae53e14ccd7ab9212064701ae279c1d8988facb775fa8a008914e663988a8", + certStartOff: 11689, + certLength: 537, + }, + { + cn: "CN=Atos TrustedRoot Root CA RSA TLS 2021,O=Atos,C=DE", + sha256Hash: "81a9088ea59fb364c548a6f85559099b6f0405efbf18e5324ec9f457ba00112f", + certStartOff: 12226, + certLength: 1384, + }, + { + cn: "CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES", + sha256Hash: "57de0583efd2b26e0361da99da9df4648def7ee8441c3b728afa9bcde0f9b26a", + certStartOff: 13610, + certLength: 1560, + }, + { + cn: "CN=BJCA Global Root CA1,O=BEIJING CERTIFICATE AUTHORITY,C=CN", + sha256Hash: "f3896f88fe7c0a882766a7fa6ad2749fb57a7f3e98fb769c1fa7b09c2c44d5ae", + certStartOff: 15170, + certLength: 1400, + }, + { + cn: "CN=BJCA Global Root CA2,O=BEIJING CERTIFICATE AUTHORITY,C=CN", + sha256Hash: "574df6931e278039667b720afdc1600fc27eb66dd3092979fb73856487212882", + certStartOff: 16570, + certLength: 553, + }, + { + cn: "CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO", + sha256Hash: "9a114025197c5bb95d94e63d55cd43790847b646b23cdf11ada4a00eff15fb48", + certStartOff: 17123, + certLength: 1373, + }, + { + cn: "CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO", + sha256Hash: "edf7ebbca27a2a384d387b7d4010c666e2edb4843e4c29b4ae1d5b9332e6b24d", 
+ certStartOff: 18496, + certLength: 1373, + }, + { + cn: "CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK", + sha256Hash: "e23d4a036d7b70e9f595b1422079d2b91edfbb1fb651a0633eaa8a9dc5f80703", + certStartOff: 19869, + certLength: 1389, + }, + { + cn: "CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN", + sha256Hash: "5cc3d78e4e1d5e45547a04e6873e64f90cf9536d1ccc2ef800f355c4c5fd70fd", + certStartOff: 21258, + certLength: 1425, + }, + { + cn: "CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", + sha256Hash: "0c2cd63df7806fa399ede809116b575bf87989f06518f9808c860503178baf66", + certStartOff: 22683, + certLength: 1057, + }, + { + cn: "CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", + sha256Hash: "1793927a0614549789adce2f8f34f7f0b66d0f3ae3a3b84d21ec15dbba4fadc7", + certStartOff: 23740, + certLength: 653, + }, + { + cn: "CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", + sha256Hash: "52f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234", + certStartOff: 24393, + certLength: 1500, + }, + { + cn: "CN=Certainly Root E1,O=Certainly,C=US", + sha256Hash: "b4585f22e4ac756a4e8612a1361c5d9d031a93fd84febb778fa3068b0fc42dc2", + certStartOff: 25893, + certLength: 507, + }, + { + cn: "CN=Certainly Root R1,O=Certainly,C=US", + sha256Hash: "77b82cd8644c4305f7acc5cb156b45675004033d51c60c6202a8e0c33467d3a0", + certStartOff: 26400, + certLength: 1355, + }, + { + cn: "CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR", + sha256Hash: "d48d3d23eedb50a459e55197601c27774b9d7b18c94d5a059511a10250b93168", + certStartOff: 27755, + certLength: 1631, + }, + { + cn: "CN=Certigna,O=Dhimyotis,C=FR", + sha256Hash: "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d", + certStartOff: 29386, + certLength: 940, + }, + { + cn: "CN=Certum EC-384 CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL", + 
sha256Hash: "6b328085625318aa50d173c98d8bda09d57e27413d114cf787a0f5d06c030cf6", + certStartOff: 30326, + certLength: 617, + }, + { + cn: "CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL", + sha256Hash: "b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b804", + certStartOff: 30943, + certLength: 1494, + }, + { + cn: "CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL", + sha256Hash: "5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e", + certStartOff: 32437, + certLength: 959, + }, + { + cn: "CN=Certum Trusted Root CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL", + sha256Hash: "fe7696573855773e37a95e7ad4d9cc96c30157c15d31765ba9b15704e1ae78fd", + certStartOff: 33396, + certLength: 1476, + }, + { + cn: "CN=CommScope Public Trust ECC Root-01,O=CommScope,C=US", + sha256Hash: "11437cda7bb45e41365f45b39a38986b0de00def348e0c7bb0873633800bc38b", + certStartOff: 34872, + certLength: 545, + }, + { + cn: "CN=CommScope Public Trust ECC Root-02,O=CommScope,C=US", + sha256Hash: "2ffb7f813bbbb3c89ab4e8162d0f16d71509a830cc9d73c262e5140875d1ad4a", + certStartOff: 35417, + certLength: 544, + }, + { + cn: "CN=CommScope Public Trust RSA Root-01,O=CommScope,C=US", + sha256Hash: "02bdf96e2a45dd9bf18fc7e1dbdf21a0379ba3c9c2610344cfd8d606fec1ed81", + certStartOff: 35961, + certLength: 1392, + }, + { + cn: "CN=CommScope Public Trust RSA Root-02,O=CommScope,C=US", + sha256Hash: "ffe943d793424b4f7c440c1c3d648d5363f34b82dc87aa7a9f118fc5dee101f1", + certStartOff: 37353, + certLength: 1392, + }, + { + cn: "CN=D-TRUST BR Root CA 1 2020,O=D-Trust GmbH,C=DE", + sha256Hash: "e59aaa816009c22bff5b25bad37df306f049797c1f81d85ab089e657bd8f0044", + certStartOff: 38745, + certLength: 735, + }, + { + cn: "CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE", + sha256Hash: "0552e6f83fdf65e8fa9670e666df28a4e21340b510cbe52566f97c4fb94b2bd1", + certStartOff: 39480, + 
certLength: 1453, + }, + { + cn: "CN=D-TRUST EV Root CA 1 2020,O=D-Trust GmbH,C=DE", + sha256Hash: "08170d1aa36453901a2f959245e347db0c8d37abaabc56b81aa100dc958970db", + certStartOff: 40933, + certLength: 735, + }, + { + cn: "CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE", + sha256Hash: "8e8221b2e7d4007836a1672f0dcc299c33bc07d316f132fa1a206d587150f1ce", + certStartOff: 41668, + certLength: 1453, + }, + { + cn: "CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE", + sha256Hash: "49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1", + certStartOff: 43121, + certLength: 1079, + }, + { + cn: "CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE", + sha256Hash: "eec5496b988ce98625b934092eec2908bed0b0f316c2d4730c84eaf1f3d34881", + certStartOff: 44200, + certLength: 1095, + }, + { + cn: "CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "3e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c", + certStartOff: 45295, + certLength: 955, + }, + { + cn: "CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "7d05ebb682339f8c9451ee094eebfefa7953a114edb2f44949452fab7d2fc185", + certStartOff: 46250, + certLength: 922, + }, + { + cn: "CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "7e37cb8b4c47090cab36551ba6f45db840680fba166a952db100717f43053fc2", + certStartOff: 47172, + certLength: 586, + }, + { + cn: "CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161", + certStartOff: 47758, + certLength: 947, + }, + { + cn: "CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f", + certStartOff: 48705, + certLength: 914, + }, + { + cn: "CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: 
"31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0", + certStartOff: 49619, + certLength: 579, + }, + { + cn: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf", + certStartOff: 50198, + certLength: 969, + }, + { + cn: "CN=DigiCert TLS ECC P384 Root G5,O=DigiCert\\, Inc.,C=US", + sha256Hash: "018e13f0772532cf809bd1b17281867283fc48c6e13be9c69812854a490c1b05", + certStartOff: 51167, + certLength: 541, + }, + { + cn: "CN=DigiCert TLS RSA4096 Root G5,O=DigiCert\\, Inc.,C=US", + sha256Hash: "371a00dc0533b3721a7eeb40e8419e70799d2b0a0f2c1d80693165f7cec4ad75", + certStartOff: 51708, + certLength: 1386, + }, + { + cn: "CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US", + sha256Hash: "552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988", + certStartOff: 53094, + certLength: 1428, + }, + { + cn: "CN=Entrust Root Certification Authority - EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust\\, Inc. - for authorized use only,O=Entrust\\, Inc.,C=US", + sha256Hash: "02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5", + certStartOff: 54522, + certLength: 765, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\\, Inc. 
- for authorized use only,O=Entrust\\, Inc.,C=US", + sha256Hash: "43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339", + certStartOff: 55287, + certLength: 1090, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust\\, Inc.,O=Entrust\\, Inc.,C=US", + sha256Hash: "73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c", + certStartOff: 56377, + certLength: 1173, + distrustAfter: "2024-11-30T23:59:59Z", + }, + { + cn: "CN=FIRMAPROFESIONAL CA ROOT-A WEB,O=Firmaprofesional SA,C=ES,2.5.4.97=#130f56415445532d413632363334303638", + sha256Hash: "bef256daf26e9c69bdec1602359798f3caf71821a03e018257c53c65617f3d4a", + certStartOff: 57550, + certLength: 638, + }, + { + cn: "CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\\,LTD.,C=CN", + sha256Hash: "bfff8fd04433487d6a8aa60c1a29767a9fc2bbb05e420f713a13b992891d3893", + certStartOff: 58188, + certLength: 1420, + }, + { + cn: "CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT", + sha256Hash: "9a296a5182d1d451a2e37f439b74daafa267523329f90f9a0d2007c334e23c9a", + certStartOff: 59608, + certLength: 1414, + distrustAfter: "2024-06-30T00:00:00Z", + }, + { + cn: "CN=GTS Root R1,O=Google Trust Services LLC,C=US", + sha256Hash: "d947432abde7b7fa90fc2e6b59101b1280e0e1c7e4e40fa3c6887fff57a7f4cf", + certStartOff: 61022, + certLength: 1371, + }, + { + cn: "CN=GTS Root R2,O=Google Trust Services LLC,C=US", + sha256Hash: "8d25cd97229dbf70356bda4eb3cc734031e24cf00fafcfd32dc76eb5841c7ea8", + certStartOff: 62393, + certLength: 1371, + }, + { + cn: "CN=GTS Root R3,O=Google Trust Services LLC,C=US", + sha256Hash: "34d8a73ee208d9bcdb0d956520934b4e40e69482596e8b6f73c8426b010a6f48", + certStartOff: 63764, + certLength: 525, + }, + { + cn: "CN=GTS Root R4,O=Google Trust Services LLC,C=US", + sha256Hash: "349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d", + certStartOff: 64289, + 
certLength: 525, + }, + { + cn: "CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE", + sha256Hash: "cbb9c44d84b8043e1050ea31a69f514955d7bfd2e2c6b49301019ad61d9f5058", + certStartOff: 64814, + certLength: 527, + }, + { + cn: "CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE", + sha256Hash: "4fa3126d8d3a11d1c4855a4f807cbad6cf919d3a5a88b03bea2c6372d93c40c9", + certStartOff: 65341, + certLength: 1374, + }, + { + cn: "CN=GlobalSign,OU=GlobalSign ECC Root CA - R4,O=GlobalSign", + sha256Hash: "b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2", + certStartOff: 66715, + certLength: 480, + }, + { + cn: "CN=GlobalSign,OU=GlobalSign ECC Root CA - R5,O=GlobalSign", + sha256Hash: "179fbc148a3dd00fd24ea13458cc43bfa7f59c8182d783a513f6ebec100c8924", + certStartOff: 67195, + certLength: 546, + }, + { + cn: "CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign", + sha256Hash: "cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b", + certStartOff: 67741, + certLength: 867, + }, + { + cn: "CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign", + sha256Hash: "2cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69", + certStartOff: 68608, + certLength: 1415, + }, + { + cn: "CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\\, Inc.,L=Scottsdale,ST=Arizona,C=US", + sha256Hash: "45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda", + certStartOff: 70023, + certLength: 969, + }, + { + cn: "CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR", + sha256Hash: "3f99cc474acfce4dfed58794665e478d1547739f2e780f1bb4ca9b133097d401", + certStartOff: 70992, + certLength: 600, + }, + { + cn: "CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR", + sha256Hash: "d95d0e8eda79525bf9beb11b14d2100d3294985f0c62d9fabd9cd999eccb7b1d", + certStartOff: 71592, + certLength: 1448, + }, + { + cn: "CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research 
Institutions Cert. Authority,L=Athens,C=GR", + sha256Hash: "44b545aa8a25e65a73ca15dc27fc36d24c1cb9953a066539b11582dc487b4833", + certStartOff: 73040, + certLength: 711, + }, + { + cn: "CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR", + sha256Hash: "a040929a02ce53b4acf4f2ffc6981ce4496f755e6d45fe0b2a692bcd52523f36", + certStartOff: 73751, + certLength: 1551, + }, + { + cn: "CN=HiPKI Root CA - G1,O=Chunghwa Telecom Co.\\, Ltd.,C=TW", + sha256Hash: "f015ce3cc239bfef064be9f1d2c417e1a0264a0a94be1f0c8d121864eb6949cc", + certStartOff: 75302, + certLength: 1390, + }, + { + cn: "CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK", + sha256Hash: "5a2fc03f0c83b090bbfa40604b0988446c7636183df9846e17101a447fb8efd6", + certStartOff: 76692, + certLength: 1491, + }, + { + cn: "CN=ISRG Root X1,O=Internet Security Research Group,C=US", + sha256Hash: "96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6", + certStartOff: 78183, + certLength: 1391, + }, + { + cn: "CN=ISRG Root X2,O=Internet Security Research Group,C=US", + sha256Hash: "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470", + certStartOff: 79574, + certLength: 543, + }, + { + cn: "CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US", + sha256Hash: "5d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae", + certStartOff: 80117, + certLength: 1380, + }, + { + cn: "CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US", + sha256Hash: "30d0895a9a448a262091635522d1f52010b5867acae12c78ef958fd4f4389f2f", + certStartOff: 81497, + certLength: 1386, + }, + { + cn: "CN=Izenpe.com,O=IZENPE S.A.,C=ES", + sha256Hash: "2530cc8e98321502bad96f9b1fba1b099e2d299e0f4548bb914f363bc0d4531f", + certStartOff: 82883, + certLength: 1525, + }, + { + cn: "CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU,1.2.840.113549.1.9.1=#0c10696e666f40652d737a69676e6f2e6875", + sha256Hash: 
"3c5f81fea5fab82c64bfa2eaecafcde8e077fc8620a7cae537163df36edbf378", + certStartOff: 84408, + certLength: 1038, + }, + { + cn: "CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US", + sha256Hash: "358df39d764af9e1b766e9c972df352ee15cfac227af6ad1d70e8e4a6edcba02", + certStartOff: 85446, + certLength: 605, + }, + { + cn: "CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US", + sha256Hash: "c741f70f4b2a8d88bf2e71c14122ef53ef10eba0cfa5e64cfa20f418853073e0", + certStartOff: 86051, + certLength: 1452, + }, + { + cn: "CN=NAVER Global Root Certification Authority,O=NAVER BUSINESS PLATFORM Corp.,C=KR", + sha256Hash: "88f438dcf8ffd1fa8f429115ffe5f82ae1e06e0c70c375faad717b34a49e7265", + certStartOff: 87503, + certLength: 1446, + }, + { + cn: "CN=NetLock Arany (Class Gold) Főtanúsítvány,OU=Tanúsítványkiadók (Certification Services),O=NetLock Kft.,L=Budapest,C=HU", + sha256Hash: "6c61dac3a2def031506be036d2a6fe401994fbd13df9c8d466599274c446ec98", + certStartOff: 88949, + certLength: 1049, + }, + { + cn: "CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH", + sha256Hash: "6b9c08e86eb0f767cfad65cd98b62149e5494a67f5845e7bd1ed019f27b86bd6", + certStartOff: 89998, + certLength: 953, + }, + { + cn: "CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH", + sha256Hash: "8560f91c3624daba9570b5fea0dbe36ff11a8323be9486854fb3f34a5571198d", + certStartOff: 90951, + certLength: 621, + }, + { + cn: "CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM", + sha256Hash: "8a866fd1b276b57e578e921c65828a2bed58e9f2f288054134b7f1f4bfc9cc74", + certStartOff: 91572, + certLength: 1380, + }, + { + cn: "CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM", + sha256Hash: "8fe4fb0af93a4d0d67db0bebb23e37c71bf325dcbcdd240ea04daf58b47e1840", + certStartOff: 92952, + certLength: 1380, + }, + { + cn: "CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM", + sha256Hash: 
"85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86", + certStartOff: 94332, + certLength: 1467, + }, + { + cn: "CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM", + sha256Hash: "88ef81de202eb018452e43f864725cea5fbd1fc2d9d205730709c5d8b8690f46", + certStartOff: 95799, + certLength: 1380, + }, + { + cn: "CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM", + sha256Hash: "18f1fc7f205df8adddeb7fe007dd57e3af375a9c4d8d73546bf4f1fed1e18d35", + certStartOff: 97179, + certLength: 1697, + }, + { + cn: "CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US", + sha256Hash: "22a2c1f7bded704cc1e701b5f408c310880fe956b5de2a4a44f99c873a25a7c8", + certStartOff: 98876, + certLength: 664, + }, + { + cn: "CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US", + sha256Hash: "2e7bf16cc22485a7bbe2aa8696750761b0ae39be3b2fe9d0cc6d4ef73491425c", + certStartOff: 99540, + certLength: 1519, + }, + { + cn: "CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US", + sha256Hash: "3417bb06cc6007da1b961c920b8ab4ce3fad820e4aa30b9acbc4a74ebdcebc65", + certStartOff: 101059, + certLength: 657, + }, + { + cn: "CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US", + sha256Hash: "85666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69", + certStartOff: 101716, + certLength: 1505, + }, + { + cn: "CN=SSL.com TLS ECC Root CA 2022,O=SSL Corporation,C=US", + sha256Hash: "c32ffd9f46f936d16c3673990959434b9ad60aafbb9e7cf33654f144cc1ba143", + certStartOff: 103221, + certLength: 574, + }, + { + cn: "CN=SSL.com TLS RSA Root CA 2022,O=SSL Corporation,C=US", + sha256Hash: "8faf7d2e2cb4709bb8e0b33666bf75a5dd45b5de480f8ea8d4bfe6bebc17f2ed", + certStartOff: 103795, + certLength: 1421, + }, + { + cn: "CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL", + sha256Hash: "a1339d33281a0b56e557d3d32b1ce7f9367eb094bd5fa72a7e5004c8ded7cafe", + certStartOff: 105216, + 
certLength: 886, + }, + { + cn: "CN=Sectigo Public Server Authentication Root E46,O=Sectigo Limited,C=GB", + sha256Hash: "c90f26f0fb1b4018b22227519b5ca2b53e2ca5b3be5cf18efe1bef47380c5383", + certStartOff: 106102, + certLength: 574, + }, + { + cn: "CN=Sectigo Public Server Authentication Root R46,O=Sectigo Limited,C=GB", + sha256Hash: "7bb647a62aeeac88bf257aa522d01ffea395e0ab45c73f93f65654ec38f25a06", + certStartOff: 106676, + certLength: 1422, + }, + { + cn: "CN=Secure Global CA,O=SecureTrust Corporation,C=US", + sha256Hash: "4200f5043ac8590ebb527d209ed1503029fbcbd41ca1b506ec27f15ade7dac69", + certStartOff: 108098, + certLength: 960, + }, + { + cn: "CN=SecureSign Root CA12,O=Cybertrust Japan Co.\\, Ltd.,C=JP", + sha256Hash: "3f034bb5704d44b2d08545a02057de93ebf3905fce721acbc730c06ddaee904e", + certStartOff: 109058, + certLength: 886, + }, + { + cn: "CN=SecureSign Root CA14,O=Cybertrust Japan Co.\\, Ltd.,C=JP", + sha256Hash: "4b009c1034494f9ab56bba3ba1d62731fc4d20d8955adcec10a925607261e338", + certStartOff: 109944, + certLength: 1398, + }, + { + cn: "CN=SecureSign Root CA15,O=Cybertrust Japan Co.\\, Ltd.,C=JP", + sha256Hash: "e778f0f095fe843729cd1a0082179e5314a9c291442805e1fb1d8fb6b8886c3a", + certStartOff: 111342, + certLength: 551, + }, + { + cn: "CN=SecureTrust CA,O=SecureTrust Corporation,C=US", + sha256Hash: "f1c1b50ae5a20dd8030ec9f6bc24823dd367b5255759b4e71b61fce9f7375d73", + certStartOff: 111893, + certLength: 956, + }, + { + cn: "CN=Security Communication ECC RootCA1,O=SECOM Trust Systems CO.\\,LTD.,C=JP", + sha256Hash: "e74fbda55bd564c473a36b441aa799c8a68e077440e8288b9fa1e50e4bbaca11", + certStartOff: 112849, + certLength: 572, + }, + { + cn: "CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US", + sha256Hash: "2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5", + certStartOff: 113421, + certLength: 993, + }, + { + cn: "CN=Starfield Services Root Certificate Authority - G2,O=Starfield 
Technologies\\, Inc.,L=Scottsdale,ST=Arizona,C=US", + sha256Hash: "568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab5", + certStartOff: 114414, + certLength: 1011, + }, + { + cn: "CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH", + sha256Hash: "62dd0be9b9f50a163ea0f8e75c053b1eca57ea55c8688f647c6881f2c8357b95", + certStartOff: 115425, + certLength: 1470, + }, + { + cn: "CN=SwissSign RSA TLS Root CA 2022 - 1,O=SwissSign AG,C=CH", + sha256Hash: "193144f431e0fddb740717d4de926a571133884b4360d30e272913cbe660ce41", + certStartOff: 116895, + certLength: 1431, + }, + { + cn: "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE", + sha256Hash: "91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552", + certStartOff: 118326, + certLength: 967, + }, + { + cn: "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE", + sha256Hash: "fd73dad31c644ff1b43bef0ccdda96710b9cd9875eca7e31707af3e96d522bbd", + certStartOff: 119293, + certLength: 967, + }, + { + cn: "CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW", + sha256Hash: "3f63bb2814be174ec8b6439cf08d6d56f0b7c405883a5648a334424d6b3ec558", + certStartOff: 120260, + certLength: 1425, + }, + { + cn: "CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW", + sha256Hash: "59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b", + certStartOff: 121685, + certLength: 1349, + }, + { + cn: "CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW", + sha256Hash: "bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44", + certStartOff: 123034, + certLength: 895, + }, + { + cn: "CN=Telekom Security TLS ECC Root 2020,O=Deutsche Telekom Security GmbH,C=DE", + sha256Hash: "578af4ded0853f4e5998db4aeaf9cbea8d945f60b620a38d1a3c13b2bc7ba8e1", + certStartOff: 123929, + certLength: 582, + }, + { + cn: "CN=Telekom Security TLS RSA Root 2023,O=Deutsche Telekom Security GmbH,C=DE", + sha256Hash: 
"efc65cadbb59adb6efe84da22311b35624b71b3b1ea0da8b6655174ec8978646", + certStartOff: 124511, + certLength: 1463, + }, + { + cn: "CN=Telia Root CA v2,O=Telia Finland Oyj,C=FI", + sha256Hash: "242b69742fcb1e5b2abf98898b94572187544e5b4d9911786573621f6a74b82c", + certStartOff: 125974, + certLength: 1400, + }, + { + cn: "CN=TeliaSonera Root CA v1,O=TeliaSonera", + sha256Hash: "dd6936fe21f8f077c123a1a521c12224f72255b73e03a7260693e8a24b0fa389", + certStartOff: 127374, + certLength: 1340, + }, + { + cn: "CN=TrustAsia Global Root CA G3,O=TrustAsia Technologies\\, Inc.,C=CN", + sha256Hash: "e0d3226aeb1163c2e48ff9be3b50b4c6431be7bb1eacc5c36b5d5ec509039a08", + certStartOff: 128714, + certLength: 1449, + }, + { + cn: "CN=TrustAsia Global Root CA G4,O=TrustAsia Technologies\\, Inc.,C=CN", + sha256Hash: "be4b56cb5056c0136a526df444508daa36a0b54f42e4ac38f72af470e479654c", + certStartOff: 130163, + certLength: 601, + }, + { + cn: "CN=TrustAsia TLS ECC Root CA,O=TrustAsia Technologies\\, Inc.,C=CN", + sha256Hash: "c0076b9ef0531fb1a656d67c4ebe97cd5dbaa41ef44598acc2489878c92d8711", + certStartOff: 130764, + certLength: 565, + }, + { + cn: "CN=TrustAsia TLS RSA Root CA,O=TrustAsia Technologies\\, Inc.,C=CN", + sha256Hash: "06c08d7dafd876971eb1124fe67f847ec0c7a158d3ea53cbe940e2ea9791f4c3", + certStartOff: 131329, + certLength: 1412, + }, + { + cn: "CN=Trustwave Global Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", + sha256Hash: "97552015f5ddfc3c8788c006944555408894450084f100867086bc1a2bb58dc8", + certStartOff: 132741, + certLength: 1502, + }, + { + cn: "CN=Trustwave Global ECC P256 Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", + sha256Hash: "945bbc825ea554f489d1fd51a73ddf2ea624ac7019a05205225c22a78ccfa8b4", + certStartOff: 134243, + certLength: 612, + }, + { + cn: "CN=Trustwave Global ECC P384 Certification Authority,O=Trustwave Holdings\\, Inc.,L=Chicago,ST=Illinois,C=US", + sha256Hash: 
"55903859c8c0c3ebb8759ece4e2557225ff5758bbd38ebd48276601e1bd58097", + certStartOff: 134855, + certLength: 673, + }, + { + cn: "CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN", + sha256Hash: "2e44102ab58cb85419451c8e19d9acf3662cafbc614b6a53960a30f7d0e2eb41", + certStartOff: 135528, + certLength: 1463, + }, + { + cn: "CN=UCA Extended Validation Root,O=UniTrust,C=CN", + sha256Hash: "d43af9b35473755c9684fc06d7d8cb70ee5c28e773fb294eb41ee71722924d24", + certStartOff: 136991, + certLength: 1374, + }, + { + cn: "CN=UCA Global G2 Root,O=UniTrust,C=CN", + sha256Hash: "9bea11c976fe014764c1be56a6f914b5a560317abd9988393382e5161aa0493c", + certStartOff: 138365, + certLength: 1354, + }, + { + cn: "CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", + sha256Hash: "4ff460d54b9c86dabfbcfc5712e0400d2bed3fbc4d4fbdaa86e06adcd2a9ad7a", + certStartOff: 139719, + certLength: 659, + }, + { + cn: "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US", + sha256Hash: "e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2", + certStartOff: 140378, + certLength: 1506, + }, + { + cn: "CN=e-Szigno Root CA 2017,O=Microsec Ltd.,L=Budapest,C=HU,2.5.4.97=#130e56415448552d3233353834343937", + sha256Hash: "beb00b30839b9bc32c32e4447905950641f26421b15ed089198b518ae2ea1b99", + certStartOff: 141884, + certLength: 580, + }, + { + cn: "CN=emSign ECC Root CA - C3,OU=emSign PKI,O=eMudhra Inc,C=US", + sha256Hash: "bc4d809b15189d78db3e1d8cf4f9726a795da1643ca5f1358e1ddb0edc0d7eb3", + certStartOff: 142464, + certLength: 559, + }, + { + cn: "CN=emSign ECC Root CA - G3,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN", + sha256Hash: "86a1ecba089c4a8d3bbe2734c612ba341d813e043cf9e8a862cd5c57a36bbe6b", + certStartOff: 143023, + certLength: 594, + }, + { + cn: "CN=emSign Root CA - C1,OU=emSign PKI,O=eMudhra Inc,C=US", + sha256Hash: 
"125609aa301da0a249b97a8239cb6a34216f44dcac9f3954b14292f2e8c8608f", + certStartOff: 143617, + certLength: 887, + }, + { + cn: "CN=emSign Root CA - G1,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN", + sha256Hash: "40f6af0346a99aa1cd1d555a4e9cce62c7f9634603ee406615833dc8c8d00367", + certStartOff: 144504, + certLength: 920, + }, + { + cn: "CN=vTrus ECC Root CA,O=iTrusChina Co.\\,Ltd.,C=CN", + sha256Hash: "30fbba2c32238e2a98547af97931e550428b9b3f1c8eeb6633dcfa86c5b27dd3", + certStartOff: 145424, + certLength: 531, + }, + { + cn: "CN=vTrus Root CA,O=iTrusChina Co.\\,Ltd.,C=CN", + sha256Hash: "8a71de6559336f426c26e53880d00d88a18da4c6a91f0dcb6194e206c5c96387", + certStartOff: 145955, + certLength: 1370, + }, + { + cn: "OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES", + sha256Hash: "ebc5570c29018c4d67b1aa127baf12f703b4611ebc17b7dab5573894179b93fa", + certStartOff: 147325, + certLength: 1415, + }, + { + cn: "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\\,LTD.,C=JP", + sha256Hash: "513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6", + certStartOff: 148740, + certLength: 891, + }, + { + cn: "OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO", + sha256Hash: "657cfe2fa73faa38462571f332a2363a46fce7020951710702cdfbb6eeda3305", + certStartOff: 149631, + certLength: 1355, + }, + { + cn: "OU=certSIGN ROOT CA,O=certSIGN,C=RO", + sha256Hash: "eaa962c4fa4a6bafebe415196d351ccd888d4f53f3fa8ae6d7c466a94e6042bb", + certStartOff: 150986, + certLength: 828, + }, + { + cn: "OU=ePKI Root Certification Authority,O=Chunghwa Telecom Co.\\, Ltd.,C=TW", + sha256Hash: "c0a6f4dc63a24bfdcf54ef2a6a082a0a72de35803e2ff5ff527ae5d87206dfd5", + certStartOff: 151814, + certLength: 1460, + distrustAfter: "2025-04-15T23:59:59Z", + }, + { + cn: "SERIALNUMBER=G63287510,CN=ANF Secure Server Root CA,OU=ANF CA Raiz,O=ANF Autoridad de Certificacion,C=ES", + sha256Hash: "fb8fec759169b9106b1e511644c618c51304373f6c0643088d8beffd1b997599", + certStartOff: 153274, + certLength: 1523, + }, +} 
diff --git a/x509roots/fallback/bundle/bundle_test.go b/x509roots/fallback/bundle/bundle_test.go
new file mode 100644
index 0000000..3eafe15
--- /dev/null
+++ b/x509roots/fallback/bundle/bundle_test.go
@@ -0,0 +1,32 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bundle
+
+import (
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/hex"
+ "testing"
+)
+
+func TestBundle(t *testing.T) {
+ for i, unparsed := range unparsedCertificates {
+ cert, err := x509.ParseCertificate(rawCerts[unparsed.certStartOff : unparsed.certStartOff+unparsed.certLength])
+ if err != nil {
+ t.Errorf("ParseCertificate(unparsedCertificates[%v]) unexpected error: %v", i, err)
+ continue
+ }
+
+ if unparsed.cn != cert.Subject.String() {
+ t.Errorf("unparsedCertificates[%v].cn = %q; want = %q", i, unparsed.cn, cert.Subject.String())
+ }
+
+ sum := sha256.Sum256(cert.Raw)
+ sumHex := hex.EncodeToString(sum[:])
+ if sumHex != unparsed.sha256Hash {
+ t.Errorf("unparsedCertificates[%v].sha256Hash = %q; want = %q", i, unparsed.sha256Hash, sumHex)
+ }
+ }
+}
diff --git a/x509roots/fallback/bundle/roots.go b/x509roots/fallback/bundle/roots.go
new file mode 100644
index 0000000..38a1b3d
--- /dev/null
+++ b/x509roots/fallback/bundle/roots.go
@@ -0,0 +1,73 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bundle contains the bundle of root certificates parsed from the NSS
+// trust store, using x509roots/nss.
+package bundle
+
+import (
+ "crypto/x509"
+ _ "embed"
+ "fmt"
+ "iter"
+ "time"
+)
+
+//go:embed bundle.der
+var rawCerts []byte
+
+// Root represents a root certificate parsed from the NSS trust store.
+type Root struct {
+ // Certificate is the DER-encoded certificate (read-only; do not modify!).
+ Certificate []byte
+
+ // Constraint is nil if the root is unconstrained. If Constraint is non-nil,
+ // the certificate has additional constraints that cannot be encoded in
+ // X.509, and when building a certificate chain anchored with this root the
+ // chain should be passed to this function to check its validity. If using a
+ // [crypto/x509.CertPool] the root should be added using
+ // [crypto/x509.CertPool.AddCertWithConstraint].
+ Constraint func([]*x509.Certificate) error
+}
+
+// Roots returns the bundle of root certificates from the NSS trust store. The
+// [Root.Certificate] slice must be treated as read-only and should not be
+// modified.
+func Roots() iter.Seq[Root] {
+ return func(yield func(Root) bool) {
+ for _, unparsed := range unparsedCertificates {
+ root := Root{
+ Certificate: rawCerts[unparsed.certStartOff : unparsed.certStartOff+unparsed.certLength],
+ }
+ // parse possible constraints, this should check all fields of unparsedCertificate.
+ if unparsed.distrustAfter != "" {
+ distrustAfter, err := time.Parse(time.RFC3339, unparsed.distrustAfter)
+ if err != nil {
+ panic(fmt.Sprintf("failed to parse distrustAfter %q: %s", unparsed.distrustAfter, err))
+ }
+ root.Constraint = func(chain []*x509.Certificate) error {
+ for _, c := range chain {
+ if c.NotBefore.After(distrustAfter) {
+ return fmt.Errorf("certificate issued after distrust-after date %q", distrustAfter)
+ }
+ }
+ return nil
+ }
+ }
+ if !yield(root) {
+ return
+ }
+ }
+ }
+}
+
+type unparsedCertificate struct {
+ cn string
+ sha256Hash string
+ certStartOff int
+ certLength int
+
+ // possible constraints
+ distrustAfter string
+}
diff --git a/x509roots/fallback/bundle/roots_test.go b/x509roots/fallback/bundle/roots_test.go
new file mode 100644
index 0000000..04ba9db
--- /dev/null
+++ b/x509roots/fallback/bundle/roots_test.go
@@ -0,0 +1,18 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bundle
+
+import (
+ "crypto/x509"
+ "testing"
+)
+
+func TestRootsCanBeParsed(t *testing.T) {
+ for root := range Roots() {
+ if _, err := x509.ParseCertificate(root.Certificate); err != nil {
+ t.Fatalf("Could not parse root certificate: %v", err)
+ }
+ }
+}
diff --git a/x509roots/fallback/bundle_test.go b/x509roots/fallback/bundle_test.go
deleted file mode 100644
index a8922cc..0000000
--- a/x509roots/fallback/bundle_test.go
+++ /dev/null
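Review bot: The `Certificate` field set in `Roots()` is a two-index slice of the package-level `rawCerts`, so its capacity runs to the end of the embedded bundle and every caller shares one backing array. An `append` on a yielded slice by any importer would therefore write over the DER of the roots that follow it, and fallback.go now parses these same slices, so the fallback pool presumably references the same bytes. The doc comment asks callers to treat the slice as read-only, but a full slice expression makes `append` reallocate at no cost: `Certificate: rawCerts[unparsed.certStartOff : unparsed.certStartOff+unparsed.certLength : unparsed.certStartOff+unparsed.certLength],`. In-place writes to the existing bytes remain possible unless the slice is copied with `bytes.Clone`, which is worth stating in the `Root.Certificate` comment.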
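Review bot: `TestRootsCanBeParsed` only checks that each `Root.Certificate` parses, so none of the tests visible in this commit ever calls the distrust-after closure that `Roots()` builds. That closure is what enforces distrust dates for every consumer of the exported API, so a test should assert that entries with `distrustAfter` set yield a non-nil `Constraint`, that it rejects a chain holding a certificate whose `NotBefore` is later than the date, and that it accepts one issued before it. The call under test would be `root.Constraint([]*x509.Certificate{{NotBefore: ts}})`, with `ts` derived from the parsed `distrustAfter` of the matching `unparsedCertificates` entry.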
@@ -1,32 +0,0 @@ -// Copyright 2025 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package fallback - -import ( - "crypto/sha256" - "crypto/x509" - "encoding/hex" - "testing" -) - -func TestBundle(t *testing.T) { - for i, unparsed := range unparsedCertificates { - cert, err := x509.ParseCertificate(rawCerts[unparsed.certStartOff : unparsed.certStartOff+unparsed.certLength]) - if err != nil { - t.Errorf("ParseCertificate(unparsedCertificates[%v]) unexpected error: %v", i, err) - continue - } - - if unparsed.cn != cert.Subject.String() { - t.Errorf("unparsedCertificates[%v].cn = %q; want = %q", i, unparsed.cn, cert.Subject.String()) - } - - sum := sha256.Sum256(cert.Raw) - sumHex := hex.EncodeToString(sum[:]) - if sumHex != unparsed.sha256Hash { - t.Errorf("unparsedCertificates[%v].sha256Hash = %q; want = %q", i, unparsed.sha256Hash, sumHex) - } - } -} diff --git a/x509roots/fallback/fallback.go b/x509roots/fallback/fallback.go index a0dad33..79e1870 100644 --- a/x509roots/fallback/fallback.go +++ b/x509roots/fallback/fallback.go @@ -20,13 +20,9 @@ package fallback import ( "crypto/x509" - _ "embed" - "fmt" - "time" -) -//go:embed bundle.der -var rawCerts []byte + "golang.org/x/crypto/x509roots/fallback/bundle" +) func init() { x509.SetFallbackRoots(newFallbackCertPool()) 
@@ -34,62 +30,16 @@ func init() { func newFallbackCertPool() *x509.CertPool { p := x509.NewCertPool() - for _, c := range mustParse(unparsedCertificates) { - if len(c.constraints) == 0 { - p.AddCert(c.cert) - } else { - p.AddCertWithConstraint(c.cert, func(chain []*x509.Certificate) error { - for _, constraint := range c.constraints { - if err := constraint(chain); err != nil { - return err - } - } - return nil - }) - } - } - return p -} - -type unparsedCertificate struct { - cn string - sha256Hash string - certStartOff int - certLength int - - // possible constraints - distrustAfter string -} - -type parsedCertificate struct { - cert *x509.Certificate - constraints []func([]*x509.Certificate) error -} - -func mustParse(unparsedCerts []unparsedCertificate) []parsedCertificate { - b := make([]parsedCertificate, 0, len(unparsedCerts)) - for _, unparsed := range unparsedCerts { - cert, err := x509.ParseCertificate(rawCerts[unparsed.certStartOff : unparsed.certStartOff+unparsed.certLength]) + for c := range bundle.Roots() { + cert, err := x509.ParseCertificate(c.Certificate) if err != nil { panic(err) } - parsed := parsedCertificate{cert: cert} - // parse possible constraints, this should check all fields of unparsedCertificate. - if unparsed.distrustAfter != "" { - distrustAfter, err := time.Parse(time.RFC3339, unparsed.distrustAfter) - if err != nil { - panic(fmt.Sprintf("failed to parse distrustAfter %q: %s", unparsed.distrustAfter, err)) - } - parsed.constraints = append(parsed.constraints, func(chain []*x509.Certificate) error { - for _, c := range chain { - if c.NotBefore.After(distrustAfter) { - return fmt.Errorf("certificate issued after distrust-after date %q", distrustAfter) - } - } - return nil - }) + if c.Constraint == nil { + p.AddCert(cert) + } else { + p.AddCertWithConstraint(cert, c.Constraint) } - b = append(b, parsed) } - return b + return p } 
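Review bot: The bare `panic(err)` in the new loop of `newFallbackCertPool` runs from `init()` and reports only the x509 parse error, with nothing that says it came from the embedded root bundle. Since this hunk's companion change drops the `fmt` import, a plain concatenation keeps the import list as is: `panic("x509roots/fallback: parsing embedded root certificate: " + err.Error())`. A one-line comment on the function noting that constraints are taken as-is from `bundle.Root.Constraint` would also help, for example `// newFallbackCertPool builds the pool from bundle.Roots, registering each root's Constraint when it has one.`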
diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go index ed2f9f8..810996c 100644 --- a/x509roots/gen_fallback_bundle.go +++ b/x509roots/gen_fallback_bundle.go @@ -27,7 +27,7 @@ import ( const tmpl = `// Code generated by gen_fallback_bundle.go; DO NOT EDIT. -package fallback +package bundle var unparsedCertificates = []unparsedCertificate{ ` @@ -35,8 +35,8 @@ var unparsedCertificates = []unparsedCertificate{ var ( certDataURL = flag.String("certdata-url", "https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt", "URL to the raw certdata.txt file to parse (certdata-path overrides this, if provided)") certDataPath = flag.String("certdata-path", "", "Path to the NSS certdata.txt file to parse (this overrides certdata-url, if provided)") - output = flag.String("output", "fallback/bundle.go", "Path to file to write output to") - derOutput = flag.String("deroutput", "fallback/bundle.der", "Path to file to write output to (DER certificate bundle)") + output = flag.String("output", "fallback/bundle/bundle.go", "Path to file to write output to") + derOutput = flag.String("deroutput", "fallback/bundle/bundle.der", "Path to file to write output to (DER certificate bundle)") ) func main() { -- cgit v1.3