The script mk-ca-bundle.pl generates a CA bundle from Mozilla NSS's certdata.txt. Recently Mozilla has introduced two new fields. The new fields CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER encode a date after which the certificates are considered distrusted.
mk-ca-bundle.pl should not add certs that have CKA_NSS_SERVER_DISTRUST_AFTER after the current date. The field is either a CK_BBOOL with value CK_FALSE or a MULTILINE_OCTAL that encodes the date as octal string "YYMMDDHHMMSSZ", e.g. \062\060\060\066\061\067\060\060\060\060\060\060\132 == 200617000000Z == 2020-06-17 00:00:00Z.
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
The script
mk-ca-bundle.plgenerates a CA bundle from Mozilla NSS's certdata.txt. Recently Mozilla has introduced two new fields. The new fieldsCKA_NSS_SERVER_DISTRUST_AFTERandCKA_NSS_EMAIL_DISTRUST_AFTERencode a date after which the certificates are considered distrusted.mk-ca-bundle.plshould not add certs that haveCKA_NSS_SERVER_DISTRUST_AFTERafter the current date. The field is either aCK_BBOOLwith valueCK_FALSEor aMULTILINE_OCTALthat encodes the date as octal string "YYMMDDHHMMSSZ", e.g.\062\060\060\066\061\067\060\060\060\060\060\060\132==200617000000Z== 2020-06-17 00:00:00Z.https://bugzilla.mozilla.org/show_bug.cgi?id=1465613