non port: security/ca_root_nss/files/MAca-bundle.pl.in |
Number of commits found: 5 |
Friday, 3 Sep 2021
|
14:33 Matthias Andree (mandree)
security/ca_root_nss: only add SERVER_AUTH certs,
and support CKA_NSS_SERVER_DISTRUST_AFTER to not include
certificates if the extracted bundle of certificates
is generated later than the expiration date.
This script no longer emits trust certificates for
* EMAIL_PROTECTION
* CODE_SIGNING
because the default certificate bundle in FreeBSD is supposed to
be used for server authentication.
Reported by: Christian Heimes <christian@python.org>
via: Gordon Tetlow
Approved by: ports-secteam (riggs@) (maintainer)
ef0a391 |
Tuesday, 6 Apr 2021
|
14:31 Mathieu Arnold (mat)
all: Remove all other $FreeBSD keywords.
135fdee |
Thursday, 29 Aug 2013
|
08:10 mandree
Update extraction script to:
- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
_CODE_SIGNING attributes.
- Omit certificates that do not have any explicit trust value in these
three attributes; at least one of the purposes must mark the
certificate a trusted delegator.
- Validate that the trust is one of three known trust values, to become
aware of syntax changes in certdata.txt. If it is an unknown token,
abort with an error stating that the script must be updated.
- Check that we have at least 25 certificates in the output or abort.
This removes these two certificates that have "unknown"
(CKT_NSS_MUST_VERIFY_TRUST) in all three tokens, making them unfit as
trust anchors:
1 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA,
CN=TC TrustCenter Universal CA III
2 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com,
CN=UTN-USERFirst-Network Applications
164 trusted certificates remain.
|
Wednesday, 20 Feb 2013
|
08:07 mandree
Support WITH_DEBUG=yes to get more debug output from the bundle
creation, to verbosely print omitted and included certificates.
Approved by: flo@ on "as long as you fix it if it breaks" condition
|
Tuesday, 19 Feb 2013
|
23:53 flo
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
|
Number of commits found: 5 |