Date: Tue, 5 Oct 2021 13:40:05 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: mike tancsa <mike@sentex.net>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: openssl patch for RELENG_11 to work around Lets Encrypt work around
Message-ID: <33721447-02f8-c63e-bc99-f6bdda6d3cf1@grosbein.net>
In-Reply-To: <4d54f1ae-3989-b07e-c75a-c30755cd8bb3@sentex.net>
References: <626bd0ad-e0b9-1f98-9505-663d655fa73d@sentex.net> <20211001225104.GA74427@funkthat.com> <4d54f1ae-3989-b07e-c75a-c30755cd8bb3@sentex.net>

04.10.2021 20:44, mike tancsa wrote:

> I guess the one challenge is that I need to update the future updates.
> pkg upgrade will fetch the latest ca_root_nss: 3.69 -> 3.69_1 again,
> which has the problematic cert. I then need to patch again. I wonder if
> this is why OpenBSD just went the flags way ? Granted, this is
> RELENG_11 which is out of support now anyways. But for the archives,
> removing the cert via the attached patch and making sure
> /usr/local/etc/ssl/cert.pem points to
> /usr/local/share/certs/ca-root-nss.crt fixes up fetch and lib fetch users.

It is meaningless to run pkg upgrade for stable/11 these days.