🔥 HOT: Changeset/ - Collection

Get WordPress

Make WordPress Core

Changeset 60027


Ignore:
Timestamp:
03/17/2025 04:51:05 PM (10 months ago)
Author:
desrosj
Message:

Security: Update bundled Root Certificates.

The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations.

This updates the ca-bundle.crt file to the latest version, which applies upstream changes from the bundle maintained by Mozilla and keeps all unexpired legacy 1024bit certificates which are kept for backward compatibility purposes (see [35919]).

Partially merges [34283], [35919], [36570], [37431], [46094], [58707], [59740] and [59969] to the 4.3 branch.

Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry, paragoninitiativeenterprises, ocean90, DrewAPicture, dd32, rmccue.
See #62811, #62711, #50828, #45807, #36835, #34935.

Location:
branches/4.3
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • branches/4.3

  • branches/4.3/src/wp-includes/certificates/ca-bundle.crt

    r30765 r60027  
    11##
    2 ## src/wp-includes/certificates/ca-bundle.crt -- Bundle of CA Root Certificates
     2## Bundle of CA Root Certificates
    33##
    4 ## Certificate data from Mozilla as of: Tue Jan 28 09:38:07 2014
     4## WordPress Modification - We prepend some unexpired 'legacy' 1024bit certificates
     5## for backward compatibility. See https://core.trac.wordpress.org/ticket/34935#comment:10
    56##
    6 ## This is a bundle of X.509 certificates of public Certificate Authorities
    7 ## (CA). These were automatically extracted from Mozilla's root certificates
    8 ## file (certdata.txt).  This file can be found in the mozilla source tree:
    9 ## http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
    10 ##
    11 ## It contains the certificates in PEM format and therefore
    12 ## can be directly used with curl / libcurl / php_curl, or with
    13 ## an Apache+mod_ssl webserver for SSL client authentication.
    14 ## Just configure this file as the SSLCACertificateFile.
    15 ##
    16 
    17 
    18 EE Certification Centre Root CA
    19 ===============================
    20 -----BEGIN CERTIFICATE-----
    21 MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG
    22 EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
    23 dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw
    24 MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB
    25 UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy
    26 ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
    27 DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM
    28 TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2
    29 rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw
    30 93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN
    31 P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T
    32 AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ
    33 MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF
    34 BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj
    35 xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM
    36 lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
    37 uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
    38 3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM
    39 dcGWxZ0=
    40 -----END CERTIFICATE-----
    41 
    42 GTE CyberTrust Global Root
    43 ==========================
    44 -----BEGIN CERTIFICATE-----
    45 MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg
    46 Q29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEG
    47 A1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEz
    48 MjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQL
    49 Ex5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0
    50 IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4u
    51 sJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcql
    52 HHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQID
    53 AQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMW
    54 M4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OF
    55 NMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
    56 -----END CERTIFICATE-----
    57 
    58 Thawte Server CA
    59 ================
    60 -----BEGIN CERTIFICATE-----
    61 MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT