# One blacklist entry per line, corresponding to the label in certdata.txt.

# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"

# DigiNotar Root CA (see debbug#639744)
"DigiNotar Root CA"

# StartCom and WoSign certificates are now untrusted by the major browser
# vendors[0]. See [1] for discussion. The list was generated by:
#
#   $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
#         | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
#
# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
# [1] https://bugs.debian.org/858539
#
"StartCom Certification Authority"
"StartCom Certification Authority G2"
"WoSign"
"WoSign China"
"Certification Authority of WoSign G2"
"CA WoSign ECC Root"