From nobody Tue Feb 06 11:03:12 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TTgMz0LQcz59DwQ for ; Tue, 6 Feb 2024 11:03:27 +0000 (UTC) (envelope-from john@johnrshannon.com) Received: from mailb.johnrshannon.com (mailb.johnrshannon.com [104.153.32.125]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TTgMy1VrSz4HXt for ; Tue, 6 Feb 2024 11:03:26 +0000 (UTC) (envelope-from john@johnrshannon.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=johnrshannon.com header.s=dkim header.b=oy0lnTlw; dmarc=pass (policy=reject) header.from=johnrshannon.com; spf=pass (mx1.freebsd.org: domain of john@johnrshannon.com designates 104.153.32.125 as permitted sender) smtp.mailfrom=john@johnrshannon.com Received: from [10.8.0.2] (librem.mobile.johnrshannon.com [10.8.0.2]) by mailb.johnrshannon.com (Postfix) with ESMTP id C06B5541 for ; Tue, 6 Feb 2024 04:03:12 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=johnrshannon.com; s=dkim; t=1707217392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=pJLbq46zbYiCe85bPfth+/F7MtMxKWanMogqdqyUNL0=; b=oy0lnTlwggmkP1OAcpidzdextlwHGslRDcSdFnZCKSdxWxBzGsVlbqu6EebYj/tlVgdJ8o SzLCujvCFOoObFtBKNgaBxyZjHR9gvfuSxMbAxsz1i434Njji+Og+tma6dxN0eU4O9xtup E5gEXSs/T10CyQ+tIaljpPquQzkbjUNmcuQMGe8b5m0R+N84WicFAGGiG9LaM2I6A5Lo+c AVzv95Dkb9PzUQiE2eKieeWnf8yeznKX4WWmoUyn5caHXpkFntSHdxRHSYUFP2M6gE7ArV 299zx5Z2qQojY2hv3d5A8z5zZD5CG8khGTIrIGRslb30JAKtrbcjDAnZMRoLLw== Message-ID: <9dfe7129-b0f8-4c45-8650-58a81ecd357d@johnrshannon.com> Date: Tue, 6 Feb 2024 04:03:12 -0700 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: freebsd-questions@freebsd.org From: john Subject: CA Authorities problem with Firefox and Thunderbird Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040709050300050406020206" X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.09 / 15.00]; SIGNED_SMIME(-2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[johnrshannon.com,reject]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[johnrshannon.com:s=dkim]; R_SPF_ALLOW(-0.20)[+mx:c]; XM_UA_NO_VERSION(0.01)[]; HAS_ATTACHMENT(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:32444, ipnet:104.153.32.0/24, country:US]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[johnrshannon.com:+] X-Rspamd-Queue-Id: 4TTgMy1VrSz4HXt This is a cryptographically signed message in MIME format. --------------ms040709050300050406020206 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit After my last pkg upgrade Firefox and Thunderbird both show no Authorities under Certificate Manager in settings. Missing are all the certificates listed by certctl along with DoD CAs added through Firefox import and site CA added through Thunderbird import. Command line use of: % openssl s_client -connect google.com:443 -CAfile /usr/local/etc/ssl/cert.pem works as does other software using TLS. Pkg versions: firefox-122.0_3,2 thunderbird-115.7.0_1 nss-3.97 sqlite3-3.45.0_1,1 ca_root_nss-3.93_2 $ freebsd-version 14.0-RELEASE-p4 -- John R. Shannon john@johnrshannon.com --------------ms040709050300050406020206 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC DIowggXrMIIE06ADAgECAhBAAYbcr4/Up3TgWUPRaYfVMA0GCSqGSIb3DQEBCwUAMDoxCzAJ BgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEz MB4XDTIzMDMxMzIwMzUzOFoXDTI0MDMxNjIwMzQzOFowgYcxLjAsBgNVBAsMJVZlcmlmaWVk IEVtYWlsOiBqb2huQGpvaG5yc2hhbm5vbi5jb20xJDAiBgkqhkiG9w0BCQEWFWpvaG5Aam9o bnJzaGFubm9uLmNvbTEvMC0GCgmSJomT8ixkAQETH0EwMTQxMEQwMDAwMDE4NkRDQUY4RkJE MDAwMEM1MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDja/NC3apeJSLeLD7a L6cbqTcmM+LEmSIn+bFsNSvcM4JegDOWZEKKUPSK0iRlhQK/gnrpSB0LjfkriKlaSjB8lKu5 CaMhAg/m4DlRUkGW1KUU+ZnYmtYI3vj86l4246boSzZayJmpFg/DreJtzWYO6VtR7W/vMGMz SNIkigwewt7t7r4djD/4JlEHGC2SN5DEifHmFylKdyKgrag4yG+O4TSSHIBOUTQdTZV98vzS Af2WcXTsbdXxX8pXEY9lCk1waAq2aZLJQ15tt9ghONRzkZK/t/qkNYK/Z/5P1JnAugLpKagV p4lRqyVUqxOTCGd8d4R80T+nYvcwWDRyk8MJAgMBAAGjggKdMIICmTAOBgNVHQ8BAf8EBAMC BaAwgYQGCCsGAQUFBwEBBHgwdjAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2Nz cC5pZGVudHJ1c3QuY29tMEIGCCsGAQUFBzAChjZodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1 c3QuY29tL2NlcnRzL3RydXN0aWRjYWExMy5wN2MwHwYDVR0jBBgwFoAULbfeG1l+KpguzeHU G+PFEBJe6RQwCQYDVR0TBAIwADCCASsGA1UdIASCASIwggEeMIIBGgYLYIZIAYb5LwAGCwEw ggEJMEoGCCsGAQUFBwIBFj5odHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmlj YXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDCBugYIKwYBBQUHAgIwga0MgapUaGlzIFRydXN0 SUQgQ2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVu VHJ1c3QncyBUcnVzdElEIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3Nl Y3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBF BgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC90 cnVzdGlkY2FhMTMuY3JsMCAGA1UdEQQZMBeBFWpvaG5Aam9obnJzaGFubm9uLmNvbTAdBgNV HQ4EFgQUXfYnYHXNX0LMDeORczvZ9Q3pyC8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF BwMEMA0GCSqGSIb3DQEBCwUAA4IBAQBDozgHxkTRY8SDiyyZMQ1kBbcdDroLvu/FqnyQ+mvs AOJTw2nd+IoNR5KOplmp/SmytgN7djjoDETFbtbDQPvFZ65RfuBAh9BauZObZbokfaKP2wv/ 5oEFXB4cL9QU6l8DeTihE7OClQ5xqoqXAaONhPSvmhve3jPf/DkigyPllXceI0djK5arC87T AzzD9NXhm/po2HY3Fl7mO7xywcnq0P7RZcLJpH4Hdw1opkdiUI3dYYv2QDj8EYrLXLO4c2J6 WvW0g8JlFUOzvX7eubVz2RKrQYtcUjBITjkYkYoPy2YsSByg9CnoCxz8wMiDQ+uupWrEO5aK b+k7IOVrarmYMIIGlzCCBH+gAwIBAgIQQAFwOzq6gYzJPK6eDrjUEjANBgkqhkiG9w0BAQsF ADBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1 c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMjAwMjEyMjEwNzQ5WhcNMzAwMjEyMjEwNzQ5 WjA6MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElE IENBIEExMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALurFDtNUgw/fTzPkHWZ DcSsSTbdDYEBPmbeosWjT9CSko03fkhuS8KsQVo5zoCP93ZcILUjXje+wIErPqwOGyuBie+X FGWQDVF0SsP3rfKX/UJ+oqoAetznR8QTf9eSmzNx0fj8oh10KFFSHrwilvJ55Vp52Wm09RXo zoUUSlVIORwAhjk35wjjja5cZYPptVY4J6NbjajbizP45A9c+qYTWfxvSH2RiNKaR1+QAP21 YlnHl9uPFZnnzYUkdeAA2SbZQAFjotrp9N26qwTxwPZw8l8SPK4Fi31D+aw8vI8doRCLYPef jkRecH5BlKu/OxwY7KRPOgnGnbi5GvwZNlcCAwEAAaOCAocwggKDMBIGA1UdEwEB/wQIMAYB Af8CAQAwDgYDVR0PAQH/BAQDAgGGMIGJBggrBgEFBQcBAQR9MHswMAYIKwYBBQUHMAGGJGh0 dHA6Ly9jb21tZXJjaWFsLm9jc3AuaWRlbnRydXN0LmNvbTBHBggrBgEFBQcwAoY7aHR0cDov L3ZhbGlkYXRpb24uaWRlbnRydXN0LmNvbS9yb290cy9jb21tZXJjaWFscm9vdGNhMS5wN2Mw HwYDVR0jBBgwFoAU7UQZwNPwBovupHu+QucmVMiONnYwggEkBgNVHSAEggEbMIIBFzCCARMG BFUdIAAwggEJMEoGCCsGAQUFBwIBFj5odHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2Nl cnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDCBugYIKwYBBQUHAgIwga0MgapUaGlz IFRydXN0SUQgQ2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0 aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRw czovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXgu aHRtbDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29t L2NybC9jb21tZXJjaWFscm9vdGNhMS5jcmwwHQYDVR0OBBYEFC233htZfiqYLs3h1BvjxRAS XukUMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAgEA f+wSnMoC1+jZeGtN3Ax7e0y3T8Qsxbwxdm5FWAhU0V+O1H3qJhdYATxQ3ntx/yD5S0Zrkz6D bdKo3aX0M5g1jfeY1Fy3Sz0U6DccmqAebNIToXFeh9PLtxRwAgYn+eYtA0w81Umgb9AGfYdV 3rhseBYodVZt18c9uBgaqlbnbz0S8jCe7uobwakyCied7grN3ckC2U/Q156fpCb/Mu2UgGPk FayP3crE/Gr7Z/He5O2szQZH520avtHvPEKAZ3pervn6cG3eTS0R8sF3h/qYW81Cwmvmyz0T KiWltpW4b0lqzB0Q8t/3fB74JywgRStrOEqZ7OGAjeMVXG6pRls4KJRwilB9/b6XLA6NcpmR ayfEEeooSJ/BZieaCsAJ53fxugA1xQvW7nW/fud9qYUgFzma63nCEJ/r7T9+ujwvmgpQD7CC AyQ7KLUuc+F9iVBbDSLhIFxqoYihO0rmW6xRvbHXC6a0pSTe07EQ3NFtm/Z6sA/q4/+TDdAv nisIWvvMnb9Pqs08sTz/dCkYGnoBqMAuHVLGck5Np+GdzLgB1+ZwGS/1Yf0sg4/2o6K1eOMq mQc0NwoSoV231EsHtsTJsoANmeQ0cDESZ6fwbHIs2HTZNllyTE5x/sFSzfLCxMBLUEeHky6B ZkL6ytgDAUvZFubAZDMyDbf2W23GdxfngDAxggMUMIIDEAIBATBOMDoxCzAJBgNVBAYTAlVT MRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEzAhBAAYbcr4/U p3TgWUPRaYfVMA0GCWCGSAFlAwQCAQUAoIIBlzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0yNDAyMDYxMTAzMTJaMC8GCSqGSIb3DQEJBDEiBCA3YZuzHolg ao+XnQe0dsEOgA2Qq8rLwfHcKLsAYcwSBTBdBgkrBgEEAYI3EAQxUDBOMDoxCzAJBgNVBAYT AlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTEzAhBAAYbc r4/Up3TgWUPRaYfVMF8GCyqGSIb3DQEJEAILMVCgTjA6MQswCQYDVQQGEwJVUzESMBAGA1UE ChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElEIENBIEExMwIQQAGG3K+P1Kd04FlD0WmH 1TBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMA0GCSqGSIb3DQEBAQUABIIBAGjBQIo2SalDksNPj+snHBAjfXHBfiAvIxX8CyFtG3Fb ksH/SG6WMqV9X7H6o+e/F/J6jUvTjcd776V5hw00/vvI+1pS9hI1Mp5za2kgTR1LaJ8mPoD3 s4V7jRiW3GLQVDgg8sD7kqGPi3qUi52CtQkoQUrTLgjybAzY2nGJNcJQCuANrFL0AbpPaPHj KINvk2e8SNcOLpMlHQKr1qrYnWmPB5UL7wcXsLmgSZV/BPSBMGWzST/+wll7ILEHe8GhltcM IbPVY8rLErcrJzrneFpG8quVDeXvOfSFJvj7OiVrfuLbmb8YW7z/+D0uX6EbZrz2+iFN/uXx dnoLs9+5cAUAAAAAAAA= --------------ms040709050300050406020206--