| Index: net/data/ssl/wosign/README.md
|
| diff --git a/net/data/ssl/wosign/README.md b/net/data/ssl/wosign/README.md
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..2c53dafbdf1d9cc21f3debbd9b06f6b99bc52c15
|
| --- /dev/null
|
| +++ b/net/data/ssl/wosign/README.md
|
| @@ -0,0 +1,19 @@
|
| +# WoSign Certificates
|
| +
|
| +This directory contains the set of known active and legacy root certificates
|
| +operated by WoSign CA Limited, including those of its wholly owned subisiary
|
| +StartCom.
|
| +
|
| +Trust in these root certificates is being phased out, as described at
|
| +<https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html>
|
| +
|
| +## Roots
|
| +
|
| +The files in this directory are organized by the SHA-256 hash of the
|
| +certificate file, while the policies are based on the SHA-256 hash of
|
| +the subjectPublicKeyInfo contained within the certificate.
|
| +
|
| +The following command can be used to extract the key hashes:
|
| +
|
| +`` for f in *.pem; do openssl x509 -noout -pubkey -in "${f}" | openssl asn1parse -inform pem -out /tmp/pubkey.out -noout; digest=`cat /tmp/pubkey.out | openssl dgst -sha256 -c | sed s/:/,0x/g `; echo "0x${digest} ${f##*/}"; done | sort ``
|
| +
|
|
|
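Review bot: The key-hash one-liner under "Roots" writes every certificate's key to the fixed path /tmp/pubkey.out and then hashes whatever is in that file. If `openssl x509` or `openssl asn1parse` fails for one .pem, the loop hashes the previous certificate's leftover key and prints it against the wrong filename. Since the policies are keyed on these subjectPublicKeyInfo hashes, a silently wrong value matters. Suggest a per-run file from `mktemp` that is removed afterwards, and skipping the `echo` when either openssl step fails. A fixed name in a shared /tmp can also be pre-created or replaced by another local user. Smaller points in the same hunk: "subisiary" should be "subsidiary"; the `cat /tmp/pubkey.out |` can be dropped by handing the file to `openssl dgst` directly; the sed expression `s/:/,0x/g` should be quoted; and the nested backtick substitution inside a double-backtick code span is fragile in Markdown, so `$(...)` inside a fenced block would render and copy more reliably.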