#
bbc8585e |
|
25-Aug-2023 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: drop VERSION tags from certs With this change, we'll drop the "with $FreeBSD$" lines from trusted/ certs in the next update. untrusted/ will need to be done manually, but I'll likely just do them all manually, commit, then run the script and commit any legitimate updates after confirming the output matches what I did manually. Reported by: imp Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D41597
|
#
c3510c94 |
|
29-Mar-2021 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: update CA bundle processor Our current processor was identified as trusting cert not explicitly marked for SERVER_AUTH, as well as certs that were tagged with DISTRUST_AFTER. Update the script to handle both scenarios. This patch was originally authored by mandree@ for ports, and it was subsequently ported to base caroot. MFC after: 3 days
|
#
a9fe8c68 |
|
01-Oct-2019 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: add @generated tags to extracted .pem As is the current trend; while these files are manually curated, they are still generated. If they end up in a review, it would be helpful to also take the hint and hide them.
|
#
f27f39db |
|
01-Oct-2019 |
Kyle Evans <kevans@FreeBSD.org> |
[1/3] Initial infrastructure for SSL root bundle in base This setup will add the trusted certificates from the Mozilla NSS bundle to base. This commit includes: - CAROOT option to opt out of installation of certs - mtree amendments for final destinations - infrastructure to fetch/update certs, along with instructions A follow-up commit will add a certctl(8) utility to give the user control over trust specifics. Another follow-up commit will actually commit the initial result of updatecerts. This work was done primarily by allanjude@, with minor contributions by myself. No objection from: secteam Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16856
|