cvs commit: ports/security/ca-roots Makefile
Brooks Davis
brooks at FreeBSD.org
Thu Jun 7 20:04:00 UTC 2007
On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote:
> On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote:
> > simon 2007-06-07 19:41:15 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > security/ca-roots Makefile
> > Log:
> > Deprecated and set one month expiration since it's not supported by
> > the FreeBSD Security Officer anymore.
> >
> > The current ca-roots port makes promises with regard to CA verification
> > which the current Security Officer (and deputy) do not want to make.
>
> brooks@ has a new port which has a list of CA's (I think he said it
> was extracted on-the-fly from OpenSSL but I can't recall for sure),
> which will should be committed soonish. This will not be a direct
> replacement for ca-roots wrt. guarantees of the CA's, but can probably
> be used in most cases where ca-roots is used today.
It's actually the set from the Mozilla Project's nss library. If you
use an open source web browser this is the set of CAs you trust by
default. There's a tarball of the current version at:
http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz
It's slighlty ugly in that it requres the nss dist file and the mod_ssl
distfile, but it works.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20070607/d5b3510d/attachment.pgp
More information about the cvs-all
mailing list