Merge pull request #3 from brianhlin/SOFTWARE-4387.new-intermediate-ca

jbasney · web-flow · commit 2edf3b703e27 · 2020-12-10T11:29:04.000-06:00
New Let's Encrypt intermediate CAs - thanks @brianhlin
diff --git a/Makefile b/Makefile
@@ -1,13 +1,22 @@
-sources = isrgrootx1.signing_policy.txt \
-          letsencryptauthorityx3.signing_policy.txt \
-          letsencryptauthorityx4.signing_policy.txt
+sources = isrgrootx1.signing_policy \
+          letsencryptauthorityx3.signing_policy \
+          letsencryptauthorityx4.signing_policy \
+          lets-encrypt-r3.signing_policy \
+          lets-encrypt-r4.signing_policy \
 
 targets = 23c2f850.signing_policy 4042bcee.signing_policy \
           4a0a35c0.signing_policy 4f06f81d.signing_policy \
           6187b673.signing_policy 929e297e.signing_policy \
-          23c2f850.0 4042bcee.0 4a0a35c0.0 4f06f81d.0 6187b673.0 929e297e.0 \
-          isrgrootx1.pem.txt \
-          letsencryptauthorityx3.pem.txt letsencryptauthorityx4.pem.txt
+          8d33f237.signing_policy dec71a0b.signing_policy \
+          9f194ecd.signing_policy dd7d39a7.signing_policy \
+          23c2f850.0 4042bcee.0 \
+          4a0a35c0.0 4f06f81d.0 \
+          6187b673.0 8d33f237.0 \
+          929e297e.0 9f194ecd.0 \
+          dec71a0b.0 dd7d39a7.0 \
+          isrgrootx1.pem \
+          letsencryptauthorityx3.pem letsencryptauthorityx4.pem \
+          lets-encrypt-r3.pem lets-encrypt-r4.pem
 
 installfiles = $(targets) $(sources)
 
@@ -23,41 +32,61 @@ install : all
 	$(INSTALL) $(installfiles) $(DESTDIR)$(installdir)
 
 clean :
-	$(RM) *.0 *.signing_policy *.pem.txt
+	$(RM) $(targets) *.pem
 
 check : all
-	openssl verify -CApath . letsencryptauthorityx3.pem.txt
-	openssl verify -CApath . letsencryptauthorityx4.pem.txt
-
-23c2f850.signing_policy : letsencryptauthorityx4.signing_policy.txt
-	$(LINK) letsencryptauthorityx4.signing_policy.txt 23c2f850.signing_policy
-4042bcee.signing_policy : isrgrootx1.signing_policy.txt
-	$(LINK) isrgrootx1.signing_policy.txt 4042bcee.signing_policy
-4a0a35c0.signing_policy : letsencryptauthorityx3.signing_policy.txt
-	$(LINK) letsencryptauthorityx3.signing_policy.txt 4a0a35c0.signing_policy
-4f06f81d.signing_policy : letsencryptauthorityx3.signing_policy.txt
-	$(LINK) letsencryptauthorityx3.signing_policy.txt 4f06f81d.signing_policy
-6187b673.signing_policy : isrgrootx1.signing_policy.txt
-	$(LINK) isrgrootx1.signing_policy.txt 6187b673.signing_policy
-929e297e.signing_policy : letsencryptauthorityx4.signing_policy.txt
-	$(LINK) letsencryptauthorityx4.signing_policy.txt 929e297e.signing_policy
-
-23c2f850.0 : letsencryptauthorityx4.pem.txt
-	$(LINK) letsencryptauthorityx4.pem.txt 23c2f850.0
-4042bcee.0 : isrgrootx1.pem.txt
-	$(LINK) isrgrootx1.pem.txt 4042bcee.0
-4a0a35c0.0 : letsencryptauthorityx3.pem.txt
-	$(LINK) letsencryptauthorityx3.pem.txt 4a0a35c0.0
-4f06f81d.0 : letsencryptauthorityx3.pem.txt
-	$(LINK) letsencryptauthorityx3.pem.txt 4f06f81d.0
-6187b673.0 : isrgrootx1.pem.txt
-	$(LINK) isrgrootx1.pem.txt 6187b673.0
-929e297e.0 : letsencryptauthorityx4.pem.txt
-	$(LINK) letsencryptauthorityx4.pem.txt 929e297e.0
-
-isrgrootx1.pem.txt :
-	$(GET) https://letsencrypt.org/certs/isrgrootx1.pem.txt
-letsencryptauthorityx3.pem.txt :
-	$(GET) https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
-letsencryptauthorityx4.pem.txt :
-	$(GET) https://letsencrypt.org/certs/letsencryptauthorityx4.pem.txt
+	openssl verify -CApath . letsencryptauthorityx3.pem
+	openssl verify -CApath . letsencryptauthorityx4.pem
+
+23c2f850.signing_policy : letsencryptauthorityx4.signing_policy
+	$(LINK) letsencryptauthorityx4.signing_policy 23c2f850.signing_policy
+4042bcee.signing_policy : isrgrootx1.signing_policy
+	$(LINK) isrgrootx1.signing_policy 4042bcee.signing_policy
+4a0a35c0.signing_policy : letsencryptauthorityx3.signing_policy
+	$(LINK) letsencryptauthorityx3.signing_policy 4a0a35c0.signing_policy
+4f06f81d.signing_policy : letsencryptauthorityx3.signing_policy
+	$(LINK) letsencryptauthorityx3.signing_policy 4f06f81d.signing_policy
+6187b673.signing_policy : isrgrootx1.signing_policy
+	$(LINK) isrgrootx1.signing_policy 6187b673.signing_policy
+8d33f237.signing_policy : lets-encrypt-r3.signing_policy
+	$(LINK) lets-encrypt-r3.signing_policy 8d33f237.signing_policy
+929e297e.signing_policy : letsencryptauthorityx4.signing_policy
+	$(LINK) letsencryptauthorityx4.signing_policy 929e297e.signing_policy
+9f194ecd.signing_policy : lets-encrypt-r4.signing_policy
+	$(LINK) lets-encrypt-r4.signing_policy 9f194ecd.signing_policy
+dec71a0b.signing_policy : lets-encrypt-r3.signing_policy
+	$(LINK) lets-encrypt-r3.signing_policy dec71a0b.signing_policy
+dd7d39a7.signing_policy : lets-encrypt-r4.signing_policy
+	$(LINK) lets-encrypt-r4.signing_policy dd7d39a7.signing_policy
+
+23c2f850.0 : letsencryptauthorityx4.pem
+	$(LINK) letsencryptauthorityx4.pem 23c2f850.0
+4042bcee.0 : isrgrootx1.pem
+	$(LINK) isrgrootx1.pem 4042bcee.0
+4a0a35c0.0 : letsencryptauthorityx3.pem
+	$(LINK) letsencryptauthorityx3.pem 4a0a35c0.0
+4f06f81d.0 : letsencryptauthorityx3.pem
+	$(LINK) letsencryptauthorityx3.pem 4f06f81d.0
+6187b673.0 : isrgrootx1.pem
+	$(LINK) isrgrootx1.pem 6187b673.0
+8d33f237.0 : lets-encrypt-r3.pem
+	$(LINK) lets-encrypt-r3.pem 8d33f237.0
+929e297e.0 : letsencryptauthorityx4.pem
+	$(LINK) letsencryptauthorityx4.pem 929e297e.0
+9f194ecd.0 : lets-encrypt-r4.pem
+	$(LINK) lets-encrypt-r4.pem 9f194ecd.0
+dec71a0b.0 : lets-encrypt-r3.pem
+	$(LINK) lets-encrypt-r3.pem dec71a0b.0
+dd7d39a7.0 : lets-encrypt-r4.pem
+	$(LINK) lets-encrypt-r4.pem dd7d39a7.0
+
+isrgrootx1.pem :
+	$(GET) https://letsencrypt.org/certs/isrgrootx1.pem
+lets-encrypt-r3.pem :
+	$(GET) https://letsencrypt.org/certs/lets-encrypt-r3.pem
+lets-encrypt-r4.pem :
+	$(GET) https://letsencrypt.org/certs/lets-encrypt-r4.pem
+letsencryptauthorityx3.pem :
+	$(GET) https://letsencrypt.org/certs/letsencryptauthorityx3.pem
+letsencryptauthorityx4.pem :
+	$(GET) https://letsencrypt.org/certs/letsencryptauthorityx4.pem
diff --git a/isrgrootx1.signing_policy b/isrgrootx1.signing_policy
@@ -1,3 +1,3 @@
 access_id_CA   X509    '/C=US/O=Internet Security Research Group/CN=ISRG Root X1'
 pos_rights     globus  CA:sign
-cond_subjects  globus  '"/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X3" "/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X4"'
+cond_subjects  globus  '"/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X3" "/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X4" "/C=US/O=Let\'s Encrypt/CN=R3" "/C=US/O=Let\'s Encrypt/CN=R4"'
diff --git a/lets-encrypt-r3.signing_policy b/lets-encrypt-r3.signing_policy
@@ -0,0 +1,3 @@
+access_id_CA   X509    '/C=US/O=Let\'s Encrypt/CN=R3'
+pos_rights     globus  CA:sign
+cond_subjects  globus  '"/CN=*"'
diff --git a/lets-encrypt-r4.signing_policy b/lets-encrypt-r4.signing_policy
@@ -0,0 +1,3 @@
+access_id_CA   X509    '/C=US/O=Let\'s Encrypt/CN=R4'
+pos_rights     globus  CA:sign
+cond_subjects  globus  '"/CN=*"'
diff --git a/letsencryptauthorityx3.signing_policy b/letsencryptauthorityx3.signing_policy
diff --git a/letsencryptauthorityx4.signing_policy b/letsencryptauthorityx4.signing_policy

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+access_id_CA X509 '/C=US/O=Let\'s Encrypt/CN=R3'`
	`2`	`+pos_rights globus CA:sign`
	`3`	`+cond_subjects globus '"/CN=*"'`