History log of /freebsd/secure/caroot/trusted/SZAFIR_ROOT_CA2.pem (Results 1 – 6 of 6)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: release/14.0.0
# 8ed0ecf8 26-Aug-2023 Kyle Evans <kevans@FreeBSD.org>

caroot: regenerate the root bundle with OpenSSL 3

No functional change intended.


# 3f84d4b0 26-Aug-2023 Kyle Evans <kevans@FreeBSD.org>

caroot: drop the VERSION tag from already-processed certs

An update is imminent; drop these now to make it easier to audit the
results.


Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0
# 3016c5c2 13-Apr-2021 Kyle Evans <kevans@FreeBSD.org>

caroot: reroll the remaining certs

This adds a specific note that these are explicitly trusted for
server auth.

MFC after: 3 days


Revision tags: release/13.0.0
# f20c0e33 28-Dec-2020 Kyle Evans <kevans@FreeBSD.org>

caroot: drop $FreeBSD$ expansion from root bundle

This debatably could have waited until the next update would have taken
place, but it's easier to see what changes if we get it out of the way
now.

caroot: drop $FreeBSD$ expansion from root bundle

This debatably could have waited until the next update would have taken
place, but it's easier to see what changes if we get it out of the way
now.

MFC after: 3 days

show more ...


Revision tags: release/12.2.0, release/11.4.0, release/12.1.0
# 8b3bc70a 08-Oct-2019 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r352764 through r353315.


# b25bf676 04-Oct-2019 Kyle Evans <kevans@FreeBSD.org>

caroot: commit initial bundle

Interested users can blacklist any/all of these with certctl(8), examples:

- mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \
certctl rehash
- c

caroot: commit initial bundle

Interested users can blacklist any/all of these with certctl(8), examples:

- mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \
certctl rehash
- certctl blacklist /usr/share/certs/trusted/*; \
certctl rehash

Certs can be easily examined after installation with `certctl list`, and
certctl blacklist will accept the hashed filename as output by list or as
seen in /etc/ssl/certs

No objection from: secteam
Relnotes: Definite maybe

show more ...