update NSS builtin certstore to Dec 2022 version from mozilla upstream.

This commit is contained in:
roytam1 2022-12-07 13:09:02 +08:00
parent 764157d2fb
commit 11c7eadeb0
2 changed files with 2343 additions and 1508 deletions

File diff suppressed because it is too large Load Diff

View File

@ -18,41 +18,42 @@
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2 #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
/* These version numbers detail the changes /* These version numbers detail the changes
* to the list of trusted certificates. * to the list of trusted certificates.
* *
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
* for each NSS minor release AND whenever we change the list of * whenever we change the list of trusted certificates.
* trusted certificates. 10 minor versions are allocated for each *
* NSS 3.x branch as follows, allowing us to change the list of * Please use the following rules when increasing the version number:
* trusted certificates up to 9 times on each branch. *
* - NSS 3.5 branch: 3-9 * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
* - NSS 3.6 branch: 10-19 * must always be an EVEN number (e.g. 16, 18, 20 etc.)
* - NSS 3.7 branch: 20-29 *
* - NSS 3.8 branch: 30-39 * - whenever possible, if older branches require a modification to the
* - NSS 3.9 branch: 40-49 * list, these changes should be made on the main line of development (trunk),
* - NSS 3.10 branch: 50-59 * and the older branches should update to the most recent list.
* - NSS 3.11 branch: 60-69 *
* ... * - ODD minor version numbers are reserved to indicate a snapshot that has
* - NSS 3.12 branch: 70-89 * deviated from the main line of development, e.g. if it was necessary
* - NSS 3.13 branch: 90-99 * to modify the list on a stable branch.
* - NSS 3.14 branch: 100-109 * Once the version has been changed to an odd number (e.g. 2.13) on a branch,
* ... * it should remain unchanged on that branch, even if further changes are
* - NSS 3.29 branch: 250-255 * made on that branch.
* *
* NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because * whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition. * of the comment in the CK_VERSION type definition.
* It's recommend to switch back to 0 after having reached version 98/99.
*/ */
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 54 #define NSS_BUILTINS_LIBRARY_VERSION_MINOR 60
#define NSS_BUILTINS_LIBRARY_VERSION "2.54" #define NSS_BUILTINS_LIBRARY_VERSION "2.60"
/* These version numbers detail the semantic changes to the ckfw engine. */ /* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
/* These version numbers detail the semantic changes to ckbi itself /* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */ * (new PKCS #11 objects), etc. */
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0 #define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0