Hello,

This may not be the correct place to ask this question; if not, please let me know.

Many 3rd party software applications pull copies of the certdata.txt to generate PEM files (perhaps other uses). Recently, for example, I was looking at curl's mk-ca-bundle script, and it pulls from MXR's mozilla[1], which is nearly a year old. Then I got curious, and looked around and found certdata.txt in many other places, often with different Last Modification times, file sizes, and contents, most of which no longer have a version number in them, which further confuses things.

Well, naturally I figured the nss tree might be the best place to look. But upon comparing time stamps, file sizes, and contents, I found that the nss tree, although it has the same contents as -central, -beta and -aurora, is a full 24 minutes older than -aurora, 18 minutes older than -release, yet -release is nearly 200kb smaller in size.

Anyways, I've volunteered to update the scripts, but am not sure of the best place to pull certdata.txt. "Best" meaning not susceptible to update goofs like typos, incorrect data, etc., yet otherwise accurate about which CAs can and cannot be trusted. I do not think it necessarily must be tied to any specific release of the Mozilla browser.

Thus far, we've planned to implement an option to specify a short name to pull from one of the corresponding trees, otherwise use a URL if specified, otherwise default to -release (or possibly nss).

[1] mozilla : Sat, 29 Dec 2012 20:03:40 GMT; 1,306,494 bytes
[2] nss     : Thu, 05 Dec 2013 09:58:06 GMT; 1,571,146 bytes
[3] -central: Thu, 05 Dec 2013 12:01:58 GMT; 1,571,146 bytes
[4] -aurora : Thu, 05 Dec 2013 09:34:03 GMT; 1,571,146 bytes
[5] -beta   : Tue, 10 Dec 2013 09:49:07 GMT; 1,571,146 bytes
[6] -release: Thu, 05 Dec 2013 09:40:49 GMT; 1,387,627 bytes

[1] http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
[2] http://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt?raw=1
[3] http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
[4] http://mxr.mozilla.org/mozilla-aurora/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
[5] http://mxr.mozilla.org/mozilla-beta/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
[6] http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1

Please advise, and kind regards.

--
Leif

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

