Changeset 8d7edaae


Timestamp:
Nov 26, 2015 12:54:37 PM (5 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
9ce8fce
Parents:
92bb2db
Message:

Block DSDTestProvider CA cert

File:
1 edited

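--- a/core/java/src/net/i2p/crypto/KeyStoreUtil.java
+++ b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
@@ -41,5 +41,6 @@
 
     /**
-     *  No reports of these in a Java keystore but just to be safe...
+     *  No reports of some of these in a Java keystore but just to be safe...
+     *  CNNIC ones are in Ubuntu keystore.
      */
     private static final BigInteger[] BLACKLIST_SERIAL = new BigInteger[] {
@@ -51,5 +52,9 @@
         new BigInteger("d2:fc:13:87:a9:44:dc:e7".replace(":", ""), 16),
         // eDellRoot https://www.reddit.com/r/technology/comments/3twmfv/dell_ships_laptops_with_rogue_root_ca_exactly/
-        new BigInteger("6b:c5:7b:95:18:93:aa:97:4b:62:4a:c0:88:fc:3b:b6".replace(":", ""), 16)
+        new BigInteger("6b:c5:7b:95:18:93:aa:97:4b:62:4a:c0:88:fc:3b:b6".replace(":", ""), 16),
+        // DSDTestProvider https://blog.hboeck.de/archives/876-Superfish-2.0-Dangerous-Certificate-on-Dell-Laptops-breaks-encrypted-HTTPS-Connections.html
+        // serial number is actually negative; hex string as reported by certtool below
+        //new BigInteger("a4:4c:38:47:f8:ee:71:80:43:4d:b1:80:b9:a7:e9:62".replace(":", ""), 16)
+        new BigInteger("-5b:b3:c7:b8:07:11:8e:7f:bc:b2:4e:7f:46:58:16:9e".replace(":", ""), 16)
     };
 
@@ -64,5 +69,6 @@
         "China Internet Network Information Center EV Certificates Root",
         "Superfish, Inc.",
-        "eDellRoot"
+        "eDellRoot",
+        "DSDTestProvider"
     };
 
@@ -319,4 +325,5 @@
             info("Read X509 Certificate from " + file.getAbsolutePath() +
                           " Issuer: " + cert.getIssuerX500Principal() +
+                          " Serial: " + cert.getSerialNumber().toString(16) +
                           "; Valid From: " + cert.getNotBefore() +
                           " To: " + cert.getNotAfter());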
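Review bot: In the last hunk the new `" Serial: "` field prints `cert.getSerialNumber().toString(16)`, which for a certificate whose serial is negative (the DSDTestProvider case blocked in the second hunk) comes out as `-5bb3c7b8…` rather than the `a4:4c:38:47:…` form the comment says certtool reports, so a log search for the published serial would miss it. Logging the unsigned encoding instead, `" Serial: " + new BigInteger(1, cert.getSerialNumber().toByteArray()).toString(16) +`, keeps the log line comparable with external tooling and advisories. The comment above the new BLACKLIST_SERIAL entry could also state why the negated value is the one that matches, e.g. `// top bit of the DER INTEGER is set, so getSerialNumber() yields the two's-complement negative of the certtool hex`. How the serial and name arrays are compared, and the method around the info() call, lie outside the visible hunks; if the serial is matched without the issuer, a certificate fingerprint would be a more specific key, since serial numbers are only unique per CA.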