# HG changeset patch
# User Aleksej Bobylev <al.bobylev@gmail.com>
# Date 1429139318 -10800
# Node ID c9c960507486647b26435a76f61c5ba6d1043df9
# Parent  4660dacfa5c47009478677755decfcca499956f0
cacerts: remove CNNIC Root Certificate (nothing else changed).

diff -r 4660dacfa5c4 -r c9c960507486 cacerts/receipt
--- a/cacerts/receipt	Thu Apr 16 02:02:30 2015 +0300
+++ b/cacerts/receipt	Thu Apr 16 02:08:38 2015 +0300
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="cacerts"
-VERSION="20150325"
+VERSION="20150415"
 CATEGORY="security"
 SHORT_DESC="Certificate Authority Certificates"
 MAINTAINER="al.bobylev@gmail.com"
@@ -18,6 +18,7 @@
 compile_rules()
 {
 	mv -f *.txt certdata.txt &&
+	patch -p1 < $stuff/remove_cnnic.patch &&
 	cp -a $stuff/* $src &&
 	./make-ca.sh &&
 	./remove-expired-certs.sh $src/certs
diff -r 4660dacfa5c4 -r c9c960507486 cacerts/stuff/remove_cnnic.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cacerts/stuff/remove_cnnic.patch	Thu Apr 16 02:08:38 2015 +0300
@@ -0,0 +1,7 @@
+# Remove CNNIC Root certificate (temporarily)
+# http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
+--- a/certdata.txt
++++ b/certdata.txt
+@@ -14889 +14889 @@
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
++CKA_TRUST_SERVER_AUTH TRUST_UNKNOWN