From 078af755461c381a6438a9ae7dfc6154fabfae16 Mon Sep 17 00:00:00 2001 From: Miquel Bonastre Date: Thu, 30 Jan 2025 17:19:05 +0100 Subject: [PATCH] certs: add 'USERTrust ECC Certification Authority' Add ROOT certification authority for github.com (USERTrust ECC Certification Authority) Also, running 'make' when you don't have support for ipv6 stops at 'ipv6.showipv6.de' which only has AAAA record. To allow verify all IPv4 sites/certs before failing for IPv6, Makefile now has two domain lists; the original one (DOMAINS) and the IPv6-only (DOMAINSIPV6). With these changes, the error occurs after validating all IPv4 compatible sites/certs. --- certs/Makefile | 11 +++++++---- certs/USERTrust-ECC-Certification-Authority.pem | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 certs/USERTrust-ECC-Certification-Authority.pem diff --git a/certs/Makefile b/certs/Makefile index 870cb542..39627e5f 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -12,9 +12,9 @@ DOMAINS = \ dns.quad9.net/DigiCert-Global-Root-G3 \ feodotracker.abuse.ch/GlobalSign \ git.eworm.de/ISRG-Root-X2 \ + github.com/USERTrust-ECC-Certification-Authority \ ipv4.showipv6.de/ISRG-Root-X1 \ ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ - ipv6.showipv6.de/ISRG-Root-X1 \ lists.blocklist.de/Certum-Trusted-Network-CA \ matrix.org/GTS-Root-R4 \ mkcert.org/ISRG-Root-X1 \ @@ -24,9 +24,12 @@ DOMAINS = \ www.dshield.org/ISRG-Root-X1 \ www.spamhaus.org/GTS-Root-R4 -.PHONY: $(DOMAINS) +DOMAINSIPV6 = \ + ipv6.showipv6.de/ISRG-Root-X1 -all: $(DOMAINS) +.PHONY: $(DOMAINS) $(DOMAINSIPV6) -$(DOMAINS): +all: $(DOMAINS) $(DOMAINSIPV6) + +$(DOMAINS) $(DOMAINSIPV6) : curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@) diff --git a/certs/USERTrust-ECC-Certification-Authority.pem b/certs/USERTrust-ECC-Certification-Authority.pem new file mode 100644 index 00000000..8c9cecd5 --- /dev/null +++ b/certs/USERTrust-ECC-Certification-Authority.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE-----