git: 2821a7498f65 - main - libfetch, fetch: Stop recommending the use of ca_root_nss.
Date: Sun, 08 Oct 2023 04:35:56 UTC
The branch main has been updated by des:
URL: https://cgit.FreeBSD.org/src/commit/?id=2821a7498f65d357c68166e1978b491abef1ca4a
commit 2821a7498f65d357c68166e1978b491abef1ca4a
Author: Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-10-08 04:35:15 +0000
Commit: Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-10-08 04:35:15 +0000
libfetch, fetch: Stop recommending the use of ca_root_nss.
MFC after: 3 days
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D42119
---
lib/libfetch/fetch.3 | 15 +--------------
usr.bin/fetch/fetch.1 | 14 ++------------
2 files changed, 3 insertions(+), 26 deletions(-)
diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3
index 9082f338f7c1..5f7489799cf6 100644
--- a/lib/libfetch/fetch.3
+++ b/lib/libfetch/fetch.3
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd November 24, 2020
+.Dd October 7, 2023
.Dt FETCH 3
.Os
.Sh NAME
@@ -409,19 +409,6 @@ library,
is currently unimplemented.
.Sh HTTPS SCHEME
Based on HTTP SCHEME.
-By default the peer is verified using the CA bundle located in
-.Pa /usr/local/etc/ssl/cert.pem .
-If this file does not exist,
-.Pa /etc/ssl/cert.pem
-is used instead.
-If neither file exists, and
-.Ev SSL_CA_CERT_PATH
-has not been set,
-OpenSSL's default CA cert and path settings apply.
-The certificate bundle can contain multiple CA certificates.
-A common source of a current CA bundle is
-.Pa \%security/ca_root_nss .
-.Pp
The CA bundle used for peer verification can be changed by setting the
environment variables
.Ev SSL_CA_CERT_FILE
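Review bot: With the paragraph after "Based on HTTP SCHEME." removed, the HTTPS SCHEME section of fetch.3 no longer says which trust store is used for peer verification when no override is set. The fetch.1 hunk in this same commit keeps "OpenSSL's default CA cert and path settings apply.", but here that sentence is dropped along with the rest. Suggest keeping one sentence stating the default ahead of "The CA bundle used for peer verification can be changed by setting the environment variables", so a reader of the library page knows what verification falls back to. The diffstat lists only the two manual pages, so the commit message should also say whether the removed lookup order (/usr/local/etc/ssl/cert.pem, then /etc/ssl/cert.pem) was already stale documentation or still reflects what the code does.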
diff --git a/usr.bin/fetch/fetch.1 b/usr.bin/fetch/fetch.1
index 2737373c98bf..7238226998fc 100644
--- a/usr.bin/fetch/fetch.1
+++ b/usr.bin/fetch/fetch.1
@@ -28,7 +28,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 29, 2020
+.Dd October 7, 2023
.Dt FETCH 1
.Os
.Sh NAME
@@ -131,18 +131,8 @@ only.
.It Fl -ca-cert= Ns Ar file
[SSL]
Path to certificate bundle containing trusted CA certificates.
-If not specified,
-.Pa /usr/local/etc/ssl/cert.pem
-is used.
-If this file does not exist,
-.Pa /etc/ssl/cert.pem
-is used instead.
-If neither file exists and no CA path has been configured,
+Otherwise,
OpenSSL's default CA cert and path settings apply.
-The certificate bundle can contain multiple CA certificates.
-The
-.Pa security/ca_root_nss
-port is a common source of a current CA bundle.
.It Fl -ca-path= Ns Ar dir
[SSL]
The directory
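Review bot: In the --ca-cert entry, the new "Otherwise," has no antecedent once "If not specified," is deleted. The entry now reads "Path to certificate bundle containing trusted CA certificates. Otherwise, OpenSSL's default CA cert and path settings apply." Suggest "If not specified, OpenSSL's default CA cert and path settings apply." so the condition under which the default trust store is used stays explicit.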