crypto: update root certificates
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl.
Certificates added:
- GDCA TrustAUTH R5 ROOT
- SSL.com EV Root Certification Authority ECC
- SSL.com EV Root Certification Authority RSA R2
- SSL.com Root Certification Authority ECC
- SSL.com Root Certification Authority RSA
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
Certificates removed:
- ACEDICOM Root
- AddTrust Low-Value Services Root
- AddTrust Public Services Root
- AddTrust ualified Certificates Root
- CA Disig Root R1
- Camerfirma Chambers of Commerce Root
- Camerfirma Global Chambersign Root
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Autorité Racine
- Certum Root CA
- China Internet Network Information Center EV Certificates Root
- CNNIC ROOT
- Comodo Secure Services root
- Comodo Trusted Services root
- DST ACES CA X6
- GeoTrust Global CA 2
- PSCProcert
- Security Communication EV RootCA1
- StartCom Certification Authority
- StartCom Certification Authority
- StartCom Certification Authority G2
- Swisscom Root CA 1
- Swisscom Root CA 2
- Swisscom Root EV CA 2
- TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3
- TURKTRUST Certificate Services Provider Root 2007
- UTN USERFirst Hardware Root CA
- WoSign
- WoSign China
Needs a decision on how to backport. I've pulled apart the CNNIC and StartCom removals; do we want to backport those (and if so, to what release branches) or apply only in Node.js 10?
cc @nodejs/crypto - this needs your input.
edit: discussion in https://github.com/nodejs/node/issues/9434 is relevant.