Blacklisted certificates
Jochen Neumeister
joneum at FreeBSD.org
Wed Mar 31 14:19:52 UTC 2021
Am 31.03.21 um 14:24 schrieb Ronald Klop:
>
> Van: Jochen Neumeister <joneum at FreeBSD.org>
> Datum: woensdag, 31 maart 2021 13:26
> Aan: Christoph Moench-Tegeder <cmt at burggraben.net>,
> freebsd-current at freebsd.org
> Onderwerp: Re: Blacklisted certificates
>>
>>
>> Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder:
>> > ## Jochen Neumeister (joneum at FreeBSD.org):
>> >
>> >> Why are this certificates blacklisted?
>> > Various reasons:
>> > - Symantec (which owned Thawte and VeriSign back in the time) made
>> > the news in a bad way:
>> >
>> https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
>> > - some certificates are simply expired
>> > - some certificates use SHA-1 ("sha1WithRSAEncryption") which is
>> > beyond deprecated
>> > - and basically "whatever Mozilla did", as the certificates are
>> > imported from NSS.
>>
>> how can I ignore the certificates now? So now everyone has this
>> problem with an update
>>
>>
>> Greetings
>> Jochen
>>
>> _______________________________________________
>> freebsd-current at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to
>> "freebsd-current-unsubscribe at freebsd.org"
>>
>>
>>
>
> Hi,
>
> This is the proper output of installworld. So you don't have to ignore
> anything anymore. It is handled by installworld.
>
in the next step etcupdate has another problem. I have to delete the
blacklist certificates manually.
#cd /usr/src && etcupdate
Conflicts remain from previous update, aborting.
Greetings
Jochen
More information about the freebsd-current
mailing list