On Mon, Dec 31, 2012 at 01:41:27AM -0700, Landry Breuil wrote: > CVSROOT: /cvs > Module name: ports > Changes by: lan...@cvs.openbsd.org 2012/12/31 01:41:27 > > Modified files: > security/nss : Makefile distinfo > > Log message: > Update to nss-3.14.1.with.ckbi.1.93, which explicitely distrusts > "TURKTRUST Mis-issued Intermediate CA 1" & "TURKTRUST Mis-issued > Intermediate CA 2". > (added in #768547, removed in #825022)
And for people interested in the details of that security issue : http://lwn.net/Articles/531346/ https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/ http://googleonlinesecurity.blogspot.fr/2013/01/enhancing-digital-certificate-security.html provide more info on it. Basically, a fraudulent cert for *.google.com was issued by an intermediate CA mistakenly issued by TURKTRUST. oops.
