[Cherry-pick M123] Block new Kazakhstan known-interception root
(cherry picked from commit 520c4f3ee56cec350b5280e8d123a1c37dde069b)
Bug: 328297261
Change-Id: Ia080459e007873959174041f5d262f6d4cd8ebd1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5346348
Auto-Submit: Joe DeBlasio <jdeblasio@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1269087}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5366676
Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org>
Cr-Commit-Position: refs/branch-heads/6312@{#551}
Cr-Branched-From: 6711dcdae48edaf98cbc6964f90fac85b7d9986e-refs/heads/main@{#1262506}
diff --git a/net/cert/cert_verify_proc_blocklist.inc b/net/cert/cert_verify_proc_blocklist.inc
index f6a55da..c7808b3 100644
--- a/net/cert/cert_verify_proc_blocklist.inc
+++ b/net/cert/cert_verify_proc_blocklist.inc
@@ -391,6 +391,10 @@
{0x02, 0xa9, 0x5f, 0x43, 0x43, 0x10, 0x19, 0xe9, 0xdc, 0x22, 0x5f,
0x05, 0xf4, 0x19, 0x33, 0x01, 0x90, 0xde, 0xb4, 0xa3, 0xf1, 0x86,
0x9c, 0xaa, 0xc9, 0x84, 0x2b, 0x40, 0x3d, 0xcb, 0xee, 0x77},
+ // 89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem
+ {0x89, 0x28, 0xc5, 0x93, 0x98, 0xb0, 0xf1, 0x71, 0xc0, 0xf9, 0x6f,
+ 0xda, 0xe6, 0xab, 0x8d, 0xd0, 0xf4, 0x8e, 0xe0, 0x6d, 0x17, 0x4d,
+ 0xa1, 0x0c, 0x40, 0x4a, 0xc0, 0x01, 0x43, 0xc7, 0xa7, 0x49},
};
// Hashes of SubjectPublicKeyInfos known to be used for interception by a
@@ -432,4 +436,8 @@
{0x02, 0xa9, 0x5f, 0x43, 0x43, 0x10, 0x19, 0xe9, 0xdc, 0x22, 0x5f, 0x05,
0xf4, 0x19, 0x33, 0x01, 0x90, 0xde, 0xb4, 0xa3, 0xf1, 0x86, 0x9c, 0xaa,
0xc9, 0x84, 0x2b, 0x40, 0x3d, 0xcb, 0xee, 0x77},
+ // 89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem
+ {0x89, 0x28, 0xc5, 0x93, 0x98, 0xb0, 0xf1, 0x71, 0xc0, 0xf9, 0x6f,
+ 0xda, 0xe6, 0xab, 0x8d, 0xd0, 0xf4, 0x8e, 0xe0, 0x6d, 0x17, 0x4d,
+ 0xa1, 0x0c, 0x40, 0x4a, 0xc0, 0x01, 0x43, 0xc7, 0xa7, 0x49},
};
diff --git a/net/data/ssl/blocklist/89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem b/net/data/ssl/blocklist/89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem
new file mode 100644
index 0000000..c17c6a4
--- /dev/null
+++ b/net/data/ssl/blocklist/89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGDTCCA/WgAwIBAgIUMgQS30wvsQLzmAyqdrphCuYshJIwDQYJKoZIhvcNAQEL
+BQAwUzE1MDMGA1UEAxMsSW5mb3JtYXRpb24gU2VjdXJpdHkgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxDTALBgNVBAoTBElTQ0ExCzAJBgNVBAYTAktaMCAXDTIwMDIy
+ODA2MTY0MFoYDzIwNTAwMjI4MDYxNjQwWjBTMTUwMwYDVQQDEyxJbmZvcm1hdGlv
+biBTZWN1cml0eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTENMAsGA1UEChMESVND
+QTELMAkGA1UEBhMCS1owggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0
+ee+cFTpzGRlf9un1RXuaQssXWfzVJBMkDAwd6Ri+khQFTLJ5llzoj1Dcp4z3Va32
+Z3yg03DTHLJDDLAZzxW4lTJBK2ULMZY1qccB6XmLw6IggaIh8sGYkX9f7sHwqiOu
+MIpw9IGTaJahX8MCrSV0ACuCLisjUBBplUIlKMeQPLL63N9/0Pua6xhTP56JQW6h
+NoMmWfBit8GlUtDYnEI60x+Ch4u/lFBrbn9Pdv6PJXIVdCI+lU3Gt4hz+R2YQ3lB
+XZPNCopREkDMdh0Cs5pK0EVdKIID7tc9ox8bKK1O8ux8ra8QbhQ3O6thVcmwobWr
+ZRFMSJ6Azy1Rq3/0//ipLnnoHp7e/SOjgPIpT78Na2v+AKQBudifVryoAjOoShu4
+jydWQok1EWQFUShVaxZGQ2mEz2wlKB2vf7A9N5AJIMzO916xFsOOegbFA4+f0e9L
+my08H9nzLlIp2Fo8GcfaP424II9l35w/Xloo5o7d+F+vpRayOUIdHdXKwJA3kEf9
+fgfXlmhuSoKpLqHDaNH16CIPtoms7pCMVbiG2DJ/WzUWd9V1iP3gFnP/ugGkLpVH
+tdBamUCwVNK2kou7DPMPraA6D5wVLK4/FWSJ8fpgdQBaWEIgEpEZ4Gs1b7DkPJWg
+dIT+DP7d+wqgA+IM0WE3XY1uAEYk4Ft5ZiF6iGfsEwIDAQABo4HWMIHTMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSyBBLfTC+xAvOY
+DKp2umEK5iyEkjCBkAYDVR0jBIGIMIGFgBSyBBLfTC+xAvOYDKp2umEK5iyEkqFX
+pFUwUzE1MDMGA1UEAxMsSW5mb3JtYXRpb24gU2VjdXJpdHkgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxDTALBgNVBAoTBElTQ0ExCzAJBgNVBAYTAktaghQyBBLfTC+x
+AvOYDKp2umEK5iyEkjANBgkqhkiG9w0BAQsFAAOCAgEAMw3Hs8SwI+2S5SL2JmnV
+lUklLp3gqd1ORsrQmrXkmfir0/XLZQZ2VryrzxqqfKqLwzBZHZFqnjl0xWNQOINy
+bWMJjxri6s1HCPkM5N/z4Chfww8V/9SumKRcPpmc9BnUZRTEzSWn0sUo4VnTwDXR
+DG6+IqdgPLyzVAcHs49K4T+2zv/FDgigUjEk545jkx4WWotOzSzbWWR1HB8zzXaR
+Cn3Gzb5TGBhOqetqDTlJ/i4+jT9LO4XjPh5UthuT3gHioEzdXw/YaYZlBPeZh4eK
+8ES5KW3IHs0pA63EvCV0PNBArMGDNgn/OsKwCja7fI+OsafSEZvRB+iX2Lud3Ky0
+AmngkE4RAy4Y24RxxFLufXtgNXpiyt1lUQBNcjByNLQA9xisD9VmJ5NEkLtXvhCd
+EA6nKJDiv43/7Lwwp3Iz82Ygj9JEnyPhYufe9ncnHEnJ+WQRw2+VFVA7K/kwcoah
+nc9YCXRiP6xNJEZ4SBKYyDZUGfqk+LO7yqguQLDBirfAK8kK/W8VV1M9uzqq9cky
+uWOx1wU/D+y8BeeG8bNZC/mJdxI5ugvsJlZFdkREoJNDyJ91GpG05arSHMPYP1j/
+yqgyPCOSvKFb4S71OgKn6p65O8hYG5pT/qh678Osm+IWS2xu3ag7i1RKK2XL5QHN
+NUZ23AoJpn6wXGaPloaFuEY=
+-----END CERTIFICATE-----
diff --git a/net/data/ssl/blocklist/README.md b/net/data/ssl/blocklist/README.md
index 28ec117..5fef6a17 100644
--- a/net/data/ssl/blocklist/README.md
+++ b/net/data/ssl/blocklist/README.md
@@ -322,6 +322,7 @@
* [0bd39de4793cdc117138f47708aa4d583acf67adb059a0d91f668d1803bf6489.pem](0bd39de4793cdc117138f47708aa4d583acf67adb059a0d91f668d1803bf6489.pem)
* [c95c133b68319ee516b5f41e377f589878af1556567cc2834ef03b1d10830fd3.pem](c95c133b68319ee516b5f41e377f589878af1556567cc2834ef03b1d10830fd3.pem)
* [c530fadc9bfa265e63b755cc6ee04c2d70d60bb916ce2f331dc7359362571b25.pem](c530fadc9bfa265e63b755cc6ee04c2d70d60bb916ce2f331dc7359362571b25.pem)
+ * [89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem](89107c8e50e029b7b5f4ff0ccd2956bcc9d0c8ba2bfb6a58374ed63a6b034a30.pem)
### revoked.badssl.com