From e174fc967e28fce326a91518954c34700d64df45 Mon Sep 17 00:00:00 2001 From: Espressif BOT Date: Sun, 12 Mar 2023 11:00:24 +0800 Subject: [PATCH] Update common cert authorities csv --- .../esp_crt_bundle/cmn_crt_authorities.csv | 27 ++++++++++--------- .../protocols/esp_crt_bundle.rst | 2 +- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv b/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv index 249ecf4223..0e10c70139 100644 --- a/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv +++ b/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv @@ -5,7 +5,6 @@ Amazon Trust Services,Amazon Root CA 3 Amazon Trust Services,Amazon Root CA 4 Amazon Trust Services,Starfield Services Root Certificate Authority - G2 DigiCert,Baltimore CyberTrust Root -DigiCert,Cybertrust Global Root DigiCert,DigiCert Assured ID Root CA DigiCert,DigiCert Assured ID Root G2 DigiCert,DigiCert Assured ID Root G3 @@ -13,25 +12,29 @@ DigiCert,DigiCert Global Root CA DigiCert,DigiCert Global Root G2 DigiCert,DigiCert Global Root G3 DigiCert,DigiCert High Assurance EV Root CA +DigiCert,DigiCert TLS ECC P384 Root G5 +DigiCert,DigiCert TLS RSA4096 Root G5 DigiCert,DigiCert Trusted Root G4 -GlobalSign,GlobalSign ECC Root CA - R5 -GlobalSign,GlobalSign Root CA - R3 -GlobalSign,GlobalSign Root CA - R6 -GlobalSign,GlobalSign Root CA +GlobalSign nv-sa,GlobalSign Root CA - R3 +GlobalSign nv-sa,GlobalSign ECC Root CA - R5 +GlobalSign nv-sa,GlobalSign Root CA - R6 +GlobalSign nv-sa,GlobalSign Root CA +GlobalSign nv-sa,GlobalSign Root E46 +GlobalSign nv-sa,GlobalSign Root R46 GoDaddy,Go Daddy Class 2 CA GoDaddy,Go Daddy Root Certificate Authority - G2 GoDaddy,Starfield Class 2 CA GoDaddy,Starfield Root Certificate Authority - G2 -Google Trust Services LLC (GTS),GlobalSign ECC Root CA - R4 -Google Trust Services LLC (GTS),GlobalSign Root CA - R2 -Google Trust Services LLC (GTS),GTS Root R1 -Google Trust Services LLC (GTS),GTS Root R2 -Google Trust Services LLC (GTS),GTS Root R3 -Google Trust Services LLC (GTS),GTS Root R4 +Google Trust Services LLC,GlobalSign ECC Root CA - R4 +Google Trust Services LLC,GTS Root R1 +Google Trust Services LLC,GTS Root R2 +Google Trust Services LLC,GTS Root R3 +Google Trust Services LLC,GTS Root R4 "IdenTrust Services, LLC",DST Root CA X3 "IdenTrust Services, LLC",IdenTrust Commercial Root CA 1 "IdenTrust Services, LLC",IdenTrust Public Sector Root CA 1 -Sectigo,Comodo AAA Services root +Internet Security Research Group,ISRG Root X1 +Internet Security Research Group,ISRG Root X2 Sectigo,COMODO Certification Authority Sectigo,COMODO ECC Certification Authority Sectigo,COMODO RSA Certification Authority diff --git a/docs/en/api-reference/protocols/esp_crt_bundle.rst b/docs/en/api-reference/protocols/esp_crt_bundle.rst index a2ef6dcde6..7167165768 100644 --- a/docs/en/api-reference/protocols/esp_crt_bundle.rst +++ b/docs/en/api-reference/protocols/esp_crt_bundle.rst @@ -13,7 +13,7 @@ The bundle comes with the complete list of root certificates from Mozilla’s NS When generating the bundle you may choose between: * The full root certificate bundle from Mozilla, containing more than 130 certificates. The current bundle was updated Tue Jan 10 04:12:06 2023 GMT. - * A pre-selected filter list of the name of the most commonly used root certificates, reducing the amount of certificates to around 35 while still having around 90 % coverage according to market share statistics. + * A pre-selected filter list of the name of the most commonly used root certificates, reducing the amount of certificates to around 41 while still having around 90% absolute usage coverage and 99% market share coverage according to SSL certificate authorities statistics. In addition it is possible to specify a path to a certificate file or a directory containing certificates which then will be added to the generated bundle.