From owner-svn-src-all@freebsd.org Thu May 21 19:45:15 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7F15A2F2D37; Thu, 21 May 2020 19:45:15 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49Sg7v2lLZz4D9n; Thu, 21 May 2020 19:45:15 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 593FF12D87; Thu, 21 May 2020 19:45:15 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04LJjF0n027238; Thu, 21 May 2020 19:45:15 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04LJjFgi027237; Thu, 21 May 2020 19:45:15 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <202005211945.04LJjFgi027237@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Thu, 21 May 2020 19:45:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361341 - releng/11.4/secure/caroot/trusted X-SVN-Group: releng X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: releng/11.4/secure/caroot/trusted X-SVN-Commit-Revision: 361341 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 May 2020 19:45:15 -0000 Author: kevans Date: Thu May 21 19:45:14 2020 New Revision: 361341 URL: https://svnweb.freebsd.org/changeset/base/361341 Log: Revert r360395: MFC r353095, r355376: add root bundle certctl(8) demonstrably has some logistics issues that still need to be worked out, as pointed out in at least PR 228913, 246614. I do not feel comfortable with proceeding with my original plan for the impending release without resolving at least PR 246614 and being able to get the release(7) scripts into a state where they're producing VM images that more closesly resemble a bsdinstall-produced install. 11.4 will still maintain the current version of certctl(8) that works well for most cases, and it still includes the caroot infrastructure. I do not currently intend to revert this in stable/11, as I would still like folks along stable/11 to be able to participate in Q/A'ing this feature. Approved by: re (gjb) Deleted: releng/11.4/secure/caroot/trusted/ACCVRAIZ1.pem releng/11.4/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem releng/11.4/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem releng/11.4/secure/caroot/trusted/AddTrust_External_Root.pem releng/11.4/secure/caroot/trusted/AddTrust_Low-Value_Services_Root.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Commercial.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Networking.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Premium.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_2.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_3.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_4.pem releng/11.4/secure/caroot/trusted/Atos_TrustedRoot_2011.pem releng/11.4/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem releng/11.4/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem releng/11.4/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem releng/11.4/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem releng/11.4/secure/caroot/trusted/CA_Disig_Root_R2.pem releng/11.4/secure/caroot/trusted/CFCA_EV_ROOT.pem releng/11.4/secure/caroot/trusted/COMODO_Certification_Authority.pem releng/11.4/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem releng/11.4/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Camerfirma_Chambers_of_Commerce_Root.pem releng/11.4/secure/caroot/trusted/Camerfirma_Global_Chambersign_Root.pem releng/11.4/secure/caroot/trusted/Certigna.pem releng/11.4/secure/caroot/trusted/Certigna_Root_CA.pem releng/11.4/secure/caroot/trusted/Certum_Root_CA.pem releng/11.4/secure/caroot/trusted/Certum_Trusted_Network_CA.pem releng/11.4/secure/caroot/trusted/Certum_Trusted_Network_CA_2.pem releng/11.4/secure/caroot/trusted/Chambers_of_Commerce_Root_-_2008.pem releng/11.4/secure/caroot/trusted/Comodo_AAA_Services_root.pem releng/11.4/secure/caroot/trusted/Cybertrust_Global_Root.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_CA_3_2013.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem releng/11.4/secure/caroot/trusted/DST_Root_CA_X3.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_G2.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_G3.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_G2.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_G3.pem releng/11.4/secure/caroot/trusted/DigiCert_High_Assurance_EV_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem releng/11.4/secure/caroot/trusted/E-Tugra_Certification_Authority.pem releng/11.4/secure/caroot/trusted/EC-ACC.pem releng/11.4/secure/caroot/trusted/EE_Certification_Centre_Root_CA.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_EC1.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Entrust_net_Premium_2048_Secure_Server_CA.pem releng/11.4/secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem releng/11.4/secure/caroot/trusted/GTS_Root_R1.pem releng/11.4/secure/caroot/trusted/GTS_Root_R2.pem releng/11.4/secure/caroot/trusted/GTS_Root_R3.pem releng/11.4/secure/caroot/trusted/GTS_Root_R4.pem releng/11.4/secure/caroot/trusted/GeoTrust_Global_CA.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/GeoTrust_Universal_CA.pem releng/11.4/secure/caroot/trusted/GeoTrust_Universal_CA_2.pem releng/11.4/secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem releng/11.4/secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R2.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem releng/11.4/secure/caroot/trusted/Global_Chambersign_Root_-_2008.pem releng/11.4/secure/caroot/trusted/Go_Daddy_Class_2_CA.pem releng/11.4/secure/caroot/trusted/Go_Daddy_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem releng/11.4/secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem releng/11.4/secure/caroot/trusted/ISRG_Root_X1.pem releng/11.4/secure/caroot/trusted/IdenTrust_Commercial_Root_CA_1.pem releng/11.4/secure/caroot/trusted/IdenTrust_Public_Sector_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Izenpe_com.pem releng/11.4/secure/caroot/trusted/LuxTrust_Global_Root_2.pem releng/11.4/secure/caroot/trusted/Microsec_e-Szigno_Root_CA_2009.pem releng/11.4/secure/caroot/trusted/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem releng/11.4/secure/caroot/trusted/Network_Solutions_Certificate_Authority.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GB_CA.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GC_CA.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_2.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem releng/11.4/secure/caroot/trusted/SSL_com_EV_Root_Certification_Authority_ECC.pem releng/11.4/secure/caroot/trusted/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem releng/11.4/secure/caroot/trusted/SSL_com_Root_Certification_Authority_ECC.pem releng/11.4/secure/caroot/trusted/SSL_com_Root_Certification_Authority_RSA.pem releng/11.4/secure/caroot/trusted/SZAFIR_ROOT_CA2.pem releng/11.4/secure/caroot/trusted/SecureSign_RootCA11.pem releng/11.4/secure/caroot/trusted/SecureTrust_CA.pem releng/11.4/secure/caroot/trusted/Secure_Global_CA.pem releng/11.4/secure/caroot/trusted/Security_Communication_RootCA2.pem releng/11.4/secure/caroot/trusted/Security_Communication_Root_CA.pem releng/11.4/secure/caroot/trusted/Sonera_Class_2_Root_CA.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_EV_Root_CA.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem releng/11.4/secure/caroot/trusted/Starfield_Class_2_CA.pem releng/11.4/secure/caroot/trusted/Starfield_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Starfield_Services_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Platinum_CA_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Silver_CA_-_G2.pem releng/11.4/secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem releng/11.4/secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem releng/11.4/secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_2.pem releng/11.4/secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem releng/11.4/secure/caroot/trusted/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem releng/11.4/secure/caroot/trusted/TWCA_Global_Root_CA.pem releng/11.4/secure/caroot/trusted/TWCA_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Taiwan_GRCA.pem releng/11.4/secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem releng/11.4/secure/caroot/trusted/TrustCor_ECA-1.pem releng/11.4/secure/caroot/trusted/TrustCor_RootCert_CA-1.pem releng/11.4/secure/caroot/trusted/TrustCor_RootCert_CA-2.pem releng/11.4/secure/caroot/trusted/Trustis_FPS_Root_CA.pem releng/11.4/secure/caroot/trusted/UCA_Extended_Validation_Root.pem releng/11.4/secure/caroot/trusted/UCA_Global_G2_Root.pem releng/11.4/secure/caroot/trusted/USERTrust_ECC_Certification_Authority.pem releng/11.4/secure/caroot/trusted/USERTrust_RSA_Certification_Authority.pem releng/11.4/secure/caroot/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem releng/11.4/secure/caroot/trusted/VeriSign_Universal_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/XRamp_Global_CA_Root.pem releng/11.4/secure/caroot/trusted/certSIGN_ROOT_CA.pem releng/11.4/secure/caroot/trusted/ePKI_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem releng/11.4/secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem releng/11.4/secure/caroot/trusted/emSign_Root_CA_-_C1.pem releng/11.4/secure/caroot/trusted/emSign_Root_CA_-_G1.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA_-_G2.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA_-_G3.pem