|
Revision tags: release/14.0.0 |
|
| #
bbc8585e |
| 26-Aug-2023 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: drop VERSION tags from certs
With this change, we'll drop the "with $FreeBSD$" lines from trusted/
certs in the next update. untrusted/ will need to be done manually, but
I'll likely just do
caroot: drop VERSION tags from certs
With this change, we'll drop the "with $FreeBSD$" lines from trusted/
certs in the next update. untrusted/ will need to be done manually, but
I'll likely just do them all manually, commit, then run the script and
commit any legitimate updates after confirming the output matches what
I did manually.
Reported by: imp
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41597
show more ...
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0 |
|
| #
c3510c94 |
| 30-Mar-2021 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: update CA bundle processor
Our current processor was identified as trusting cert not explicitly
marked for SERVER_AUTH, as well as certs that were tagged with
DISTRUST_AFTER.
Update the scr
caroot: update CA bundle processor
Our current processor was identified as trusting cert not explicitly
marked for SERVER_AUTH, as well as certs that were tagged with
DISTRUST_AFTER.
Update the script to handle both scenarios. This patch was originally
authored by mandree@ for ports, and it was subsequently ported to base
caroot.
MFC after: 3 days
show more ...
|
|
Revision tags: release/12.2.0, release/11.4.0, release/12.1.0 |
|
| #
8b3bc70a |
| 08-Oct-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r352764 through r353315.
|
| #
a9fe8c68 |
| 02-Oct-2019 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: add @generated tags to extracted .pem
As is the current trend; while these files are manually curated, they are
still generated. If they end up in a review, it would be helpful to also
take
caroot: add @generated tags to extracted .pem
As is the current trend; while these files are manually curated, they are
still generated. If they end up in a review, it would be helpful to also
take the hint and hide them.
show more ...
|
| #
f27f39db |
| 02-Oct-2019 |
Kyle Evans <kevans@FreeBSD.org> |
[1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.
This commit includes:
- CAROOT option to opt out of instal
[1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.
This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions
A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856
show more ...
|