Re: CA's TLS Certificate Bundle in base = BAD
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 07 Dec 2022 21:06:06 UTC
After running a 12.4 installworld found TrustCor certs had been reinstalled. Out of curiosity, were these known bad certificates intentionally left in RELEASE? If so it does appear we could use a ports-based solution. At this point all the port would need to do is periodically "rm /usr/share/certs/trusted/TrustCor*" but there's sure to be room for options to better harden PKI. Roger Marquis