1 #
   2 # CDDL HEADER START
   3 #
   4 # The contents of this file are subject to the terms of the
   5 # Common Development and Distribution License (the "License").
   6 # You may not use this file except in compliance with the License.
   7 #
   8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9 # or http://www.opensolaris.org/os/licensing.
  10 # See the License for the specific language governing permissions
  11 # and limitations under the License.
  12 #
  13 # When distributing Covered Code, include this CDDL HEADER in each
  14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15 # If applicable, add the following below this CDDL HEADER, with the
  16 # fields enclosed by brackets "[]" replaced with your own identifying
  17 # information: Portions Copyright [yyyy] [name of copyright owner]
  18 #
  19 # CDDL HEADER END
  20 #
  21 #
  22 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
  23 # Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
  24 
  25 #
  26 # These CA certs are extracted from the NSS database libnssckbi.so.
  27 # Each CA cert is pointed by a symbolic link. The name of the
  28 # symbolic link file is determined by the "hash" value using
  29 # openssl command. When the NSS database is updated, we will extract
  30 # the CA certs out of it and deliver the new set of CA certs.
  31 #
  32 
  33 CASRCDIR =      CA-certs
  34 OPENSSL =       /usr/bin/openssl
  35 
  36 CAFILES = ABAecom_sub.,_Am._Bankers_Assn._Root_CA.pem   \
  37         AddTrust_External_Root.pem      \
  38         AddTrust_Low-Value_Services_Root.pem    \
  39         AddTrust_Public_Services_Root.pem       \
  40         AddTrust_Qualified_Certificates_Root.pem        \
  41         America_Online_Root_Certification_Authority_1.pem       \
  42         America_Online_Root_Certification_Authority_2.pem       \
  43         AOL_Time_Warner_Root_Certification_Authority_1.pem      \
  44         AOL_Time_Warner_Root_Certification_Authority_2.pem      \
  45         Baltimore_CyberTrust_Root.pem   \
  46         beTRUSTed_Root_CA-Baltimore_Implementation.pem  \
  47         beTRUSTed_Root_CA_-_Entrust_Implementation.pem  \
  48         beTRUSTed_Root_CA.pem   \
  49         beTRUSTed_Root_CA_-_RSA_Implementation.pem      \
  50         Camerfirma_Chambers_of_Commerce_Root.pem        \
  51         Camerfirma_Global_Chambersign_Root.pem  \
  52         Certigna.pem    \
  53         Certplus_Class_2_Primary_CA.pem \
  54         Certum_Root_CA.pem      \
  55         Comodo_AAA_Services_root.pem    \
  56         COMODO_Certification_Authority.pem      \
  57         COMODO_ECC_Certification_Authority.pem  \
  58         Comodo_Secure_Services_root.pem \
  59         Comodo_Trusted_Services_root.pem        \
  60         ComSign_CA.pem  \
  61         ComSign_Secured_CA.pem  \
  62         Cybertrust_Global_Root.pem      \
  63         Deutsche_Telekom_Root_CA_2.pem  \
  64         DigiCert_Assured_ID_Root_CA.pem \
  65         DigiCert_Global_Root_CA.pem     \
  66         DigiCert_High_Assurance_EV_Root_CA.pem  \
  67         Digital_Signature_Trust_Co._Global_CA_1.pem     \
  68         Digital_Signature_Trust_Co._Global_CA_2.pem     \
  69         Digital_Signature_Trust_Co._Global_CA_3.pem     \
  70         Digital_Signature_Trust_Co._Global_CA_4.pem     \
  71         DST_ACES_CA_X6.pem      \
  72         DST_Root_CA_X3.pem      \
  73         Entrust.net_Global_Secure_Personal_CA.pem       \
  74         Entrust.net_Global_Secure_Server_CA.pem \
  75         Entrust.net_Premium_2048_Secure_Server_CA.pem   \
  76         Entrust.net_Secure_Personal_CA.pem      \
  77         Entrust.net_Secure_Server_CA.pem        \
  78         Entrust_Root_Certification_Authority.pem        \
  79         ePKI_Root_Certification_Authority.pem   \
  80         Equifax_Secure_CA.pem   \
  81         Equifax_Secure_eBusiness_CA_1.pem       \
  82         Equifax_Secure_eBusiness_CA_2.pem       \
  83         Equifax_Secure_Global_eBusiness_CA.pem  \
  84         Firmaprofesional_Root_CA.pem    \
  85         GeoTrust_Global_CA_2.pem        \
  86         GeoTrust_Global_CA.pem  \
  87         GeoTrust_Primary_Certification_Authority.pem    \
  88         GeoTrust_Universal_CA_2.pem     \
  89         GeoTrust_Universal_CA.pem       \
  90         GlobalSign_Root_CA.pem  \
  91         GlobalSign_Root_CA_-_R2.pem     \
  92         Go_Daddy_Class_2_CA.pem \
  93         GTE_CyberTrust_Global_Root.pem  \
  94         GTE_CyberTrust_Root_CA.pem      \
  95         IGC_A.pem       \
  96         IPS_Chained_CAs_root.pem        \
  97         IPS_CLASE1_root.pem     \
  98         IPS_CLASE3_root.pem     \
  99         IPS_CLASEA1_root.pem    \
 100         IPS_CLASEA3_root.pem    \
 101         IPS_Servidores_root.pem \
 102         IPS_Timestamping_root.pem       \
 103         MD5_Collisions_Forged_Rogue_CA_25c3.pem \
 104         Microsec_e-Szigno_Root_CA.pem   \
 105         NetLock_Business_Class_B_Root.pem       \
 106         NetLock_Express_Class_C_Root.pem        \
 107         NetLock_Notary_Class_A_Root.pem \
 108         NetLock_Qualified_Class_QA_Root.pem     \
 109         Network_Solutions_Certificate_Authority.pem     \
 110         OISTE_WISeKey_Global_Root_GA_CA.pem     \
 111         QuoVadis_Root_CA_2.pem  \
 112         QuoVadis_Root_CA_3.pem  \
 113         QuoVadis_Root_CA.pem    \
 114         RSA_Root_Certificate_1.pem      \
 115         RSA_Security_1024_v3.pem        \
 116         RSA_Security_2048_v3.pem        \
 117         Secure_Global_CA.pem    \
 118         SecureTrust_CA.pem      \
 119         Security_Communication_EV_RootCA1.pem   \
 120         Security_Communication_Root_CA.pem      \
 121         Sonera_Class_1_Root_CA.pem      \
 122         Sonera_Class_2_Root_CA.pem      \
 123         Staat_der_Nederlanden_Root_CA.pem       \
 124         Starfield_Class_2_CA.pem        \
 125         StartCom_Certification_Authority.pem    \
 126         StartCom_Ltd..pem       \
 127         S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem       \
 128         Swisscom_Root_CA_1.pem  \
 129         SwissSign_Gold_CA_-_G2.pem      \
 130         SwissSign_Platinum_CA_-_G2.pem  \
 131         SwissSign_Silver_CA_-_G2.pem    \
 132         Taiwan_GRCA.pem \
 133         TC_TrustCenter_Class_2_CA_II.pem        \
 134         TC_TrustCenter_Class_3_CA_II.pem        \
 135         TC_TrustCenter,_Germany,_Class_2_CA.pem \
 136         TC_TrustCenter,_Germany,_Class_3_CA.pem \
 137         TC_TrustCenter_Universal_CA_I.pem       \
 138         TDC_Internet_Root_CA.pem        \
 139         TDC_OCES_Root_CA.pem    \
 140         Thawte_Personal_Basic_CA.pem    \
 141         Thawte_Personal_Freemail_CA.pem \
 142         Thawte_Personal_Premium_CA.pem  \
 143         Thawte_Premium_Server_CA.pem    \
 144         thawte_Primary_Root_CA.pem      \
 145         Thawte_Server_CA.pem    \
 146         Thawte_Time_Stamping_CA.pem     \
 147         TURKTRUST_Certificate_Services_Provider_Root_1.pem      \
 148         TURKTRUST_Certificate_Services_Provider_Root_2.pem      \
 149         UTN_DATACorp_SGC_Root_CA.pem    \
 150         UTN_USERFirst_Email_Root_CA.pem \
 151         UTN_USERFirst_Hardware_Root_CA.pem      \
 152         UTN-USER_First-Network_Applications.pem \
 153         UTN_USERFirst_Object_Root_CA.pem        \
 154         ValiCert_Class_1_VA.pem \
 155         ValiCert_Class_2_VA.pem \
 156         Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem        \
 157         Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem        \
 158         Verisign_Class_1_Public_Primary_Certification_Authority.pem     \
 159         Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem        \
 160         Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem        \
 161         Verisign_Class_2_Public_Primary_Certification_Authority.pem     \
 162         Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem        \
 163         Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem        \
 164         VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem        \
 165         Verisign_Class_3_Public_Primary_Certification_Authority.pem     \
 166         Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem        \
 167         Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem        \
 168         Verisign_RSA_Secure_Server_CA.pem       \
 169         Verisign_Time_Stamping_Authority_CA.pem \
 170         Visa_eCommerce_Root.pem \
 171         Visa_International_Global_Root_2.pem    \
 172         Wells_Fargo_Root_CA.pem \
 173         WellsSecure_Public_Root_Certificate_Authority.pem       \
 174         XRamp_Global_CA_Root.pem
 175 
 176 IETCCAFILES +=          $(CAFILES:%=$(ROOTETCCADIR)/%)
 177 
 178 $(ROOTETCCADIR)/%:    $(CASRCDIR)/%
 179         $(INS.file); \
 180         ROOTCALINK=$(ROOTETCCALINKDIR)/`$(OPENSSL) x509 -noout -hash -in $<`.0; \
 181         $(RM) $$ROOTCALINK; \
 182         $(LN) -s $(CATARGDIR)/$(@F) $$ROOTCALINK
 183         -ROOTCALINK=$(ROOTETCCALINKDIR)/`$(OPENSSL) x509 -noout -subject_hash_old -in $< 2>/dev/null`.0; \
 184         test "$$ROOTCALINK" = "$(ROOTETCCALINKDIR)/.0" || $(RM) $$ROOTCALINK; \
 185         test "$$ROOTCALINK" = "$(ROOTETCCALINKDIR)/.0" || $(LN) -s $(CATARGDIR)/$(@F) $$ROOTCALINK