Blacklisted certificates
Kyle Evans
kevans at freebsd.org
Wed Mar 31 12:37:07 UTC 2021
On Wed, Mar 31, 2021 at 7:25 AM Ronald Klop <ronald-lists at klop.ws> wrote:
>
>
> Van: Jochen Neumeister <joneum at FreeBSD.org>
> Datum: woensdag, 31 maart 2021 13:26
> Aan: Christoph Moench-Tegeder <cmt at burggraben.net>, freebsd-current at freebsd.org
> Onderwerp: Re: Blacklisted certificates
> >
> >
> > Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder:
> > > ## Jochen Neumeister (joneum at FreeBSD.org):
> > >
> > >> Why are this certificates blacklisted?
> > > Various reasons:
> > > - Symantec (which owned Thawte and VeriSign back in the time) made
> > > the news in a bad way:
> > > https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
> > > - some certificates are simply expired
> > > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is
> > > beyond deprecated
> > > - and basically "whatever Mozilla did", as the certificates are
> > > imported from NSS.
> >
> > how can I ignore the certificates now? So now everyone has this problem with an update
> >
> >
> > Greetings
> > Jochen
> >
> > _______________________________________________
> > freebsd-current at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
> >
> >
> >
>
> Hi,
>
> This is the proper output of installworld. So you don't have to ignore anything anymore. It is handled by installworld.
>
I might smack it with a -q hammer, since the output's likely not
relevant to most people (certainly not there).
More information about the freebsd-current
mailing list