Re: updating ca-bundle.crt

2005-07-06 Thread Ralf S. Engelschall 
On Wed, Feb 02, 2005, Joe Orton wrote:

> There was some discussion on modssl-users a while back on this topic; we
> had some concerns about extracting ca-bundle.crt directly from the
> Mozilla CA list sources.  But after discussing this with Frank Hecker
> and some others there is agreement that there are no licensing issues
> here really.
>
> So, attached is a Perl script which regenerates ca-bundle.crt directly
> from the Mozilla certdata.txt: Ralf, feel free to include this in
> mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

Thanks, Joe. I'll include this script into mod_ssl 2.8.23 together
with its latest output.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

updating ca-bundle.crt

2005-02-02 Thread Joe Orton 
There was some discussion on modssl-users a while back on this topic; we
had some concerns about extracting ca-bundle.crt directly from the
Mozilla CA list sources.  But after discussing this with Frank Hecker 
and some others there is agreement that there are no licensing issues 
here really.

So, attached is a Perl script which regenerates ca-bundle.crt directly
from the Mozilla certdata.txt: Ralf, feel free to include this in
mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

joe



#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:[EMAIL PROTECTED]:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
|| die "could not check out certdata.txt";

my $incert = 0;

print<) {
if (/^CKA_VALUE MULTILINE_OCTAL/) {
$incert = 1;
open(OUT, "|openssl x509 -text -inform DER -fingerprint")
|| die "could not pipe to openssl x509";
} elsif (/^END/ && $incert) {
close(OUT);
$incert = 0;
print "\n\n";
} elsif ($incert) {
my @bs = split(/\\/);
foreach my $b (@bs) {
chomp $b;
printf(OUT "%c", oct($b)) unless $b eq '';
}
} elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
print "# Generated from certdata.txt RCS revision $1\n#\n";
}
}

RE: Again: "License" of ca-bundle.crt

2004-06-17 Thread Dave Paris 
Yes, without equivocation, databases can be protected by copyright.  I do agree with 
Joe about the originality and creativity requirement, since this is necessary public 
information.

Much better information:
http://www.bitlaw.com/copyright/database.html

Kind Regards,
-dsp

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Joe Orton
> Sent: Wednesday, June 16, 2004 4:27 PM
> To: AIDA Shinra
> Cc: [EMAIL PROTECTED]
> Subject: Re: Again: "License" of ca-bundle.crt
> 
> 
> On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> > Hello,
> > 
> > I am packaging sole ca-bundle.crt for Fink.
> > 
> http://sourceforge.net/tracker/index.php?func=detail&aid=928157&gr
> oup_id=17203&atid=414256
> > 
> > Fink package system has "License" field. I must fill it. What is the
> > "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> > "license"?
> 
> It's a tricky legal question, I think.
> 
> The original source of the ca-bundle.crt was a database shipped with the
> Netscape browser.  It's possible to derive a new ca-bundle.crt from the
> Mozilla source code, which is what Debian do in their ca-certificates
> package.  Debian say that the resultant CA certificate bundle is
> licensed under the MPL, as its source in Mozilla is.
> 
> But can a database be copyrighted?  Can a database made up of copies of
> necessarily-public CA certificates published by third parties be
> copyrighted?  It is somewhat lacking in "originality", which is one of
> the requirements for US copyright law to apply, at least.
> 
> You may be better of asking a lawyer, unfortunately!
> 
> joe
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 
> 


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Again: "License" of ca-bundle.crt

2004-06-16 Thread Thierry Cabuzel 
> > -Message d'origine-
> > De : [EMAIL PROTECTED]
> > Envoyà : mercredi 16 juin 2004 22:27
> > Ã : AIDA Shinra
> > Cc : [EMAIL PROTECTED]
> > Objet : Re: Again: "License" of ca-bundle.crt
> > 
> > 
> > On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> > > Hello,
> > > 
> > > I am packaging sole ca-bundle.crt for Fink.
> > > 
> > http://sourceforge.net/tracker/index.php?func=detail&aid=928157&gr
> oup_id=17203&atid=414256
> > 
> > Fink package system has "License" field. I must fill it. What is the
> > "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> > "license"?
> 
> It's a tricky legal question, I think.
> 
> The original source of the ca-bundle.crt was a database shipped with the
> Netscape browser.  It's possible to derive a new ca-bundle.crt from the
> Mozilla source code, which is what Debian do in their ca-certificates
> package.  Debian say that the resultant CA certificate bundle is
> licensed under the MPL, as its source in Mozilla is.
> 
> But can a database be copyrighted?  Can a database made up of copies of
> necessarily-public CA certificates published by third parties be
> copyrighted?  It is somewhat lacking in "originality", which is one of
> the requirements for US copyright law to apply, at least.
> 
> You may be better of asking a lawyer, unfortunately!
> 
> joe

I am not american, but if I remember correctly, as an american you can
copyright a database. The length is 20, 25 or 50 years protection but I don't 
remember.
And Yes, you can copyright a database with certificates as you can copyright
a database with the name of those who live in your town. It is not because 
the datas are public that the database can't be copyrighted...

Thierry

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Again: "License" of ca-bundle.crt

2004-06-16 Thread Joe Orton 
On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> Hello,
> 
> I am packaging sole ca-bundle.crt for Fink.
> http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256
> 
> Fink package system has "License" field. I must fill it. What is the
> "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> "license"?

It's a tricky legal question, I think.

The original source of the ca-bundle.crt was a database shipped with the
Netscape browser.  It's possible to derive a new ca-bundle.crt from the
Mozilla source code, which is what Debian do in their ca-certificates
package.  Debian say that the resultant CA certificate bundle is
licensed under the MPL, as its source in Mozilla is.

But can a database be copyrighted?  Can a database made up of copies of
necessarily-public CA certificates published by third parties be
copyrighted?  It is somewhat lacking in "originality", which is one of
the requirements for US copyright law to apply, at least.

You may be better of asking a lawyer, unfortunately!

joe
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Again: "License" of ca-bundle.crt

2004-06-16 Thread AIDA Shinra 
Hello,

I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256

Fink package system has "License" field. I must fill it. What is the
"license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
"license"?

I sent before but no response except "vacation". Before clarifying it
I can't take any action.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

"License" of ca-bundle.crt

2004-05-21 Thread a . moon 
I am away on paternity leave for the next few days.  
Please contact OLSU if urgent, otherwise i will get back 
to you as soon as possible on my return.


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

"License" of ca-bundle.crt

2004-05-21 Thread AIDA Shinra 
Hello,

I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256

Fink package system has "License" field. I must fill it. What is the
"license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
"license"?
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: ca-bundle.crt

2000-11-10 Thread Ralf S. Engelschall 

On Wed, Nov 08, 2000, Saicharan K wrote:

> There is a file named "ca-bundle.crt" in the mod-ssl distribution. This
> file basically contains a bundle of X.509 certificates of all
> Certificate authorities. Does anybody know how this file is created and
> if there is a location where I can find the source for this?

Look for certbundle-1.0.tar.gz in the contrib area of www.modssl.org.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ca-bundle.crt

2000-11-08 Thread Saicharan K 

Hi,

There is a file named "ca-bundle.crt" in the mod-ssl distribution. This
file basically contains a bundle of X.509 certificates of all
Certificate authorities. Does anybody know how this file is created and
if there is a location where I can find the source for this?

thanks,
Sai
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ca-bundle.crt

2000-11-07 Thread Saicharan K 

Hi,

There is a file named "ca-bundle.crt" in the mod-ssl distribution. This
file basically contains a bundle of X.509 certificates of all
Certificate authorities. Does anybody know how this file is created and
if there is a location where I can find the source for this?

thanks,
Sai
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Updated ca-bundle.crt file

1999-10-24 Thread Ralf S. Engelschall 


Today I've again (as one year ago) extracted all certificates from Netscape
Communicator 4.7's cert7.db file and bundled them together into a
ca-bundle.crt file for use with mod_ssl's SSLCACertificatePath directive. The
ca-bundle.crt file is appended. It will be (later) also included in mod_ssl
2.4.7, too. It contains the following CA certs:

ABAecom (sub., Am. Bankers Assn.) Root CA
ANX Network CA by DST
Access America by DST
American Express CA
American Express Global CA
BelSign Object Publishing CA
BelSign Secure Server CA
Deutsche Telekom AG Root CA
Digital Signature Trust Co. Global CA 1
Digital Signature Trust Co. Global CA 2
Entrust Worldwide by DST
Equifax Premium CA
Equifax Secure CA
GTE CyberTrust Global Root
GTE CyberTrust Japan Root CA
GTE CyberTrust Japan Secure Server CA
GTE CyberTrust Root 2
GTE CyberTrust Root 3
GTE CyberTrust Root 4
GTE CyberTrust Root 5
GTE CyberTrust Root CA
GlobalSign Partners CA
GlobalSign Primary Class 1 CA
GlobalSign Primary Class 2 CA
GlobalSign Primary Class 3 CA
GlobalSign Root CA
National Retail Federation by DST
Novell E-Commerce Community by DST
TC TrustCenter, Germany, Class 0 CA
TC TrustCenter, Germany, Class 1 CA
TC TrustCenter, Germany, Class 2 CA
TC TrustCenter, Germany, Class 3 CA
TC TrustCenter, Germany, Class 4 CA
Thawte Personal Basic CA
Thawte Personal Freemail CA
Thawte Personal Premium CA
Thawte Premium Server CA
Thawte Server CA
UPS Document Exchange by DST
VeriSign Class 4 Primary CA
Verisign Class 1 Public Primary Certification Authority
Verisign Class 1 Public Primary Certification Authority - G2
Verisign Class 2 Public Primary Certification Authority
Verisign Class 2 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
Verisign Class 4 Public Primary Certification Authority - G2
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com

##
##  ca-cert-bundle.pem -- Bundle of CA Certificates
##  Last Modified: Fri Oct 22 17:15:27 CEST 1999
##
##  This is a bundle of X.509 certificates of public
##  Certificate Authorities (CA). These were automatically
##  extracted from Netscape Communicator's certificate database
##  (the file `cert7.db'). It contains the certificates in both
##  plain text and PEM format and therefore can be directly used
##  with an Apache+mod_ssl webserver for SSL client authentication.
##  Just configure this file as the SSLCACertificateFile.
##

ABAecom (sub., Am. Bankers Assn.) Root CA
=
MD5 Fingerprint: BA:D9:60:04:63:E6:92:07:3C:C5:38:93:66:38:24:FE
PEM Data:
-BEGIN CERTIFICATE-
MIIDkjCCAnqgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkRDMRMwEQYDVQQHEwpXYXNoaW5ndG9uMRcwFQYDVQQKEw5BQkEu
RUNPTSwgSW5jLjEZMBcGA1UEAxMQQUJBLkVDT00gUm9vdCBDQTEeMBwGCSqGSIb3
DQEJARYPa2RhZ3Vpb0BhYmEuY29tMB4XDTk4MDcyOTE2NTk1MloXDTA1MDcyNzE2
NTk1MlowgYMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2Fz
aGluZ3RvbjEXMBUGA1UEChMOQUJBLkVDT00sIEluYy4xGTAXBgNVBAMTEEFCQS5F
Q09NIFJvb3QgQ0ExHjAcBgkqhkiG9w0BCQEWD2tkYWd1aW9AYWJhLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMae3L3cDgkaUcaSm5lrjGmJvhvF
ohFOhGYNmfH/H5mhM9a0kouli57Wp5DEybSBGp6HUP9zVqdtEFsIE6asCKkaIHIa
DzN0sVixVm81Nj0zXpPjmgK1obfxbzEFNQ3XoA/OMmexPUj2SYuisf5GgC4/7EQN
FKfeuhDXvAn/VZZRF05luCegEpEA9bc7Ur2oNT4T0xhRvRb3fRIBiTc768GiYEK+
QBzTd2hv+LQHfma542pUDaboHGDi7+6drWPsk2udrWMOno8jlhcF/Oh11hQ16i2D
mvZVjpNNsYziQWJk0P1G0/kVeo5G1EjbNge1b3JlD3BHdBW87oNQzk72r90CAwEA
AaMPMA0wCwYDVR0PBAQDAgLUMA0GCSqGSIb3DQEBBQUAA4IBAQBobiY2tbG5cy5Y
88T6IXNua5n4739dw7v3GyaeotvxbzI/5NjejwuXiE6bNp3RhWABmMdovkPBBoBn
JuMZwXZG3VfOxPa54d2cxyoEYZUpuXa/f93fs5fPmMsz5AXUyi3Z4xIpXhjoPwXM
aN5mX6LB15EExfCQSEFgW6hC85lUL6s3FVwTyTasHxaTWV1vXjkToFrSvTAPeGg8
ptYvOS8ME51zN+daqhu3HsGRKb+Z8lqYclOV9IAyznxRb7XNSpnc44MbwcGdchyU
vjtfIwfoAWmL22SjjLIFKQFSfX5zrRHnLDVqCyMKGnnfcqLRR5/I61zt/szuAQkw
sV/IDA62
-END CERTIFICATE-
Certificate Ingredients:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=DC, L=Washington, O=ABA.ECOM, Inc., CN=ABA.ECOM Root 
[EMAIL PROTECTED]
Validity
Not Before: Jul 29 16:59:52 1998 GMT
Not After : Jul 27 16:59:52 2005 GMT
Subject: C=US, ST=DC, L=Washington, O=ABA.ECOM, Inc., CN=ABA.ECOM Root 
[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c6:9e:dc:bd:dc:0e:09:1a:51:c6:92:9b:99:6b:
8c:69:89:be:1b:c5:a2:11:4e:84:66:0d:99:f1:ff:
1f:99:a1:33:d6:b4:92:8b:a5:8b:9e:d6:a7:90:c4:
c9:b4:81:1a:9e:87:5