certs: Sync with Mozilla bundle as of Oct 19, 2024

[akien-mga]

bagder/ca-bundle@4d3fe66

Include certdata.txt as the original source for the processed data.

I'll cherry-pick this to all Godot branches, including EOL ones, which should resolve #98851.

[dustdfg]

Am I correctly understand that it will affect only git repo without affecting binary at all?

[akien-mga]

Am I correctly understand that it will affect only git repo without affecting binary at all?

There's two elements in this PR:

• ca-certificates.crt is updated to a newer version, this affects binaries by removing outdated CA certificates and adding new valid ones.
• certdata.txt is provided for documentation purposes and isn't used anywhere. It's just adding 1.5 MB of diff to our Git history for the sake of satisfying a license claim I'm doubtful about, but heh /shrug

[AThousandShips]

Making the relevant file local makes sense for future proofing

[Repiteo]

Superfluous, but harmless

[akien-mga]

Actually I'll rework this, I'm having second thoughts about including a source file of cryptic data in our repo when we don't need it. Instead, I'll included the hash of the relevant Mozilla commit used by bagder in thirdparty/README.md.

[Jayman2000]

Instead, I'll included the hash of the relevant Mozilla commit used by bagder in thirdparty/README.md.

Here’s a tip (since I had to find a bunch of these in order to add the table to the ca-bundle README): the most surefire way to find the hash is to go to here and then find the push that came right before the timestamp that’s in ca-certificates.crt. I had originally tried doing this with hg log instead of the pushlog, but it didn’t work well because some commits were made on one date but then pushed to the relevant branch on a later date. The pushlog is the way to go.

[akien-mga]

Cherry-picked for all Git branches (4.3, 4.2, 4.1, 4.0, 3.x, 3.6, 3.5, etc. down to 2.1, which is the first release with ca certificates).