[Bug 268841] security/p11-kit: Use base system root certificates

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 09 Jan 2023 13:23:48 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268841

            Bug ID: 268841
           Summary: security/p11-kit: Use base system root certificates
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: needs-qa
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: novel@FreeBSD.org
          Reporter: tijl@FreeBSD.org
          Assignee: novel@FreeBSD.org
             Flags: maintainer-feedback?(novel@FreeBSD.org)

Created attachment 239361
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239361&action=edit
patch

Drop dependency on ca_root_nss and use base system root certificates instead. 
This allows users to add their own certificates.

trust_paths now points to a directory and that directory contains "anchors" and
"blocklist" symlinks pointing to the base system certificate directories.  This
is based on the documentation from
https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-module.html.  The list
of certificates known to p11-kit can be verified by running "trust list".

-- 
You are receiving this mail because:
You are the assignee for the bug.