Date: Thu, 21 May 2020 19:45:15 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r361341 - releng/11.4/secure/caroot/trusted Message-ID: <202005211945.04LJjFgi027237@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Thu May 21 19:45:14 2020 New Revision: 361341 URL: https://svnweb.freebsd.org/changeset/base/361341 Log: Revert r360395: MFC r353095, r355376: add root bundle certctl(8) demonstrably has some logistics issues that still need to be worked out, as pointed out in at least PR 228913, 246614. I do not feel comfortable with proceeding with my original plan for the impending release without resolving at least PR 246614 and being able to get the release(7) scripts into a state where they're producing VM images that more closesly resemble a bsdinstall-produced install. 11.4 will still maintain the current version of certctl(8) that works well for most cases, and it still includes the caroot infrastructure. I do not currently intend to revert this in stable/11, as I would still like folks along stable/11 to be able to participate in Q/A'ing this feature. Approved by: re (gjb) Deleted: releng/11.4/secure/caroot/trusted/ACCVRAIZ1.pem releng/11.4/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem releng/11.4/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem releng/11.4/secure/caroot/trusted/AddTrust_External_Root.pem releng/11.4/secure/caroot/trusted/AddTrust_Low-Value_Services_Root.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Commercial.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Networking.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Premium.pem releng/11.4/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_2.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_3.pem releng/11.4/secure/caroot/trusted/Amazon_Root_CA_4.pem releng/11.4/secure/caroot/trusted/Atos_TrustedRoot_2011.pem releng/11.4/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem releng/11.4/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem releng/11.4/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem releng/11.4/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem releng/11.4/secure/caroot/trusted/CA_Disig_Root_R2.pem releng/11.4/secure/caroot/trusted/CFCA_EV_ROOT.pem releng/11.4/secure/caroot/trusted/COMODO_Certification_Authority.pem releng/11.4/secure/caroot/trusted/COMODO_ECC_Certification_Authority.pem releng/11.4/secure/caroot/trusted/COMODO_RSA_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Camerfirma_Chambers_of_Commerce_Root.pem releng/11.4/secure/caroot/trusted/Camerfirma_Global_Chambersign_Root.pem releng/11.4/secure/caroot/trusted/Certigna.pem releng/11.4/secure/caroot/trusted/Certigna_Root_CA.pem releng/11.4/secure/caroot/trusted/Certum_Root_CA.pem releng/11.4/secure/caroot/trusted/Certum_Trusted_Network_CA.pem releng/11.4/secure/caroot/trusted/Certum_Trusted_Network_CA_2.pem releng/11.4/secure/caroot/trusted/Chambers_of_Commerce_Root_-_2008.pem releng/11.4/secure/caroot/trusted/Comodo_AAA_Services_root.pem releng/11.4/secure/caroot/trusted/Cybertrust_Global_Root.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_CA_3_2013.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem releng/11.4/secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem releng/11.4/secure/caroot/trusted/DST_Root_CA_X3.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_G2.pem releng/11.4/secure/caroot/trusted/DigiCert_Assured_ID_Root_G3.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_G2.pem releng/11.4/secure/caroot/trusted/DigiCert_Global_Root_G3.pem releng/11.4/secure/caroot/trusted/DigiCert_High_Assurance_EV_Root_CA.pem releng/11.4/secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem releng/11.4/secure/caroot/trusted/E-Tugra_Certification_Authority.pem releng/11.4/secure/caroot/trusted/EC-ACC.pem releng/11.4/secure/caroot/trusted/EE_Certification_Centre_Root_CA.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_EC1.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Entrust_net_Premium_2048_Secure_Server_CA.pem releng/11.4/secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem releng/11.4/secure/caroot/trusted/GTS_Root_R1.pem releng/11.4/secure/caroot/trusted/GTS_Root_R2.pem releng/11.4/secure/caroot/trusted/GTS_Root_R3.pem releng/11.4/secure/caroot/trusted/GTS_Root_R4.pem releng/11.4/secure/caroot/trusted/GeoTrust_Global_CA.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/GeoTrust_Universal_CA.pem releng/11.4/secure/caroot/trusted/GeoTrust_Universal_CA_2.pem releng/11.4/secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem releng/11.4/secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R2.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem releng/11.4/secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem releng/11.4/secure/caroot/trusted/Global_Chambersign_Root_-_2008.pem releng/11.4/secure/caroot/trusted/Go_Daddy_Class_2_CA.pem releng/11.4/secure/caroot/trusted/Go_Daddy_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem releng/11.4/secure/caroot/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem releng/11.4/secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem releng/11.4/secure/caroot/trusted/ISRG_Root_X1.pem releng/11.4/secure/caroot/trusted/IdenTrust_Commercial_Root_CA_1.pem releng/11.4/secure/caroot/trusted/IdenTrust_Public_Sector_Root_CA_1.pem releng/11.4/secure/caroot/trusted/Izenpe_com.pem releng/11.4/secure/caroot/trusted/LuxTrust_Global_Root_2.pem releng/11.4/secure/caroot/trusted/Microsec_e-Szigno_Root_CA_2009.pem releng/11.4/secure/caroot/trusted/NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem releng/11.4/secure/caroot/trusted/Network_Solutions_Certificate_Authority.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GB_CA.pem releng/11.4/secure/caroot/trusted/OISTE_WISeKey_Global_Root_GC_CA.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_2.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_3.pem releng/11.4/secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem releng/11.4/secure/caroot/trusted/SSL_com_EV_Root_Certification_Authority_ECC.pem releng/11.4/secure/caroot/trusted/SSL_com_EV_Root_Certification_Authority_RSA_R2.pem releng/11.4/secure/caroot/trusted/SSL_com_Root_Certification_Authority_ECC.pem releng/11.4/secure/caroot/trusted/SSL_com_Root_Certification_Authority_RSA.pem releng/11.4/secure/caroot/trusted/SZAFIR_ROOT_CA2.pem releng/11.4/secure/caroot/trusted/SecureSign_RootCA11.pem releng/11.4/secure/caroot/trusted/SecureTrust_CA.pem releng/11.4/secure/caroot/trusted/Secure_Global_CA.pem releng/11.4/secure/caroot/trusted/Security_Communication_RootCA2.pem releng/11.4/secure/caroot/trusted/Security_Communication_Root_CA.pem releng/11.4/secure/caroot/trusted/Sonera_Class_2_Root_CA.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_EV_Root_CA.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem releng/11.4/secure/caroot/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem releng/11.4/secure/caroot/trusted/Starfield_Class_2_CA.pem releng/11.4/secure/caroot/trusted/Starfield_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/Starfield_Services_Root_Certificate_Authority_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Platinum_CA_-_G2.pem releng/11.4/secure/caroot/trusted/SwissSign_Silver_CA_-_G2.pem releng/11.4/secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem releng/11.4/secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem releng/11.4/secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_2.pem releng/11.4/secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem releng/11.4/secure/caroot/trusted/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem releng/11.4/secure/caroot/trusted/TWCA_Global_Root_CA.pem releng/11.4/secure/caroot/trusted/TWCA_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Taiwan_GRCA.pem releng/11.4/secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem releng/11.4/secure/caroot/trusted/TrustCor_ECA-1.pem releng/11.4/secure/caroot/trusted/TrustCor_RootCert_CA-1.pem releng/11.4/secure/caroot/trusted/TrustCor_RootCert_CA-2.pem releng/11.4/secure/caroot/trusted/Trustis_FPS_Root_CA.pem releng/11.4/secure/caroot/trusted/UCA_Extended_Validation_Root.pem releng/11.4/secure/caroot/trusted/UCA_Global_G2_Root.pem releng/11.4/secure/caroot/trusted/USERTrust_ECC_Certification_Authority.pem releng/11.4/secure/caroot/trusted/USERTrust_RSA_Certification_Authority.pem releng/11.4/secure/caroot/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem releng/11.4/secure/caroot/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem releng/11.4/secure/caroot/trusted/VeriSign_Universal_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem releng/11.4/secure/caroot/trusted/XRamp_Global_CA_Root.pem releng/11.4/secure/caroot/trusted/certSIGN_ROOT_CA.pem releng/11.4/secure/caroot/trusted/ePKI_Root_Certification_Authority.pem releng/11.4/secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem releng/11.4/secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem releng/11.4/secure/caroot/trusted/emSign_Root_CA_-_C1.pem releng/11.4/secure/caroot/trusted/emSign_Root_CA_-_G1.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA_-_G2.pem releng/11.4/secure/caroot/trusted/thawte_Primary_Root_CA_-_G3.pem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005211945.04LJjFgi027237>