Downloading 10.2-RELEASE-p10 source without prayer

Matthew Seaman matthew at
Thu Jan 21 07:59:07 UTC 2016

On 20/01/2016 23:11, mfv wrote:
> I do not know how ca_root_nss works but will save that for another day.
> Right now, it just works, without any intervention on my part.  Kudos
> to the developers.

ca_root_nss is just a list of Certification Authority certificates,
which OpenSSL will trust by default.  It's derived from the list of
certificates that is built into Firefox for the same purpose.

'Trust' in this sense means that you're trusting the CA to verify that
the identity they've signed a certificate for is legitimately the
property of the people requesting it.  Various CAs have been expelled
from that list over time, due to incompetence or because they were found
to be the tools of a repressive regime, so it's important to keep
ca-root_nss up to date.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 957 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list